summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--secure/usr.bin/bdes/Makefile5
-rw-r--r--secure/usr.bin/bdes/bdes.1304
-rw-r--r--secure/usr.bin/bdes/bdes.c1046
-rw-r--r--secure/usr.bin/bdes/bdes.ps2945
4 files changed, 4300 insertions, 0 deletions
diff --git a/secure/usr.bin/bdes/Makefile b/secure/usr.bin/bdes/Makefile
new file mode 100644
index 0000000..9166f72
--- /dev/null
+++ b/secure/usr.bin/bdes/Makefile
@@ -0,0 +1,5 @@
+# @(#)Makefile 8.1 (Berkeley) 6/6/93
+
+PROG= bdes
+
+.include <bsd.prog.mk>
diff --git a/secure/usr.bin/bdes/bdes.1 b/secure/usr.bin/bdes/bdes.1
new file mode 100644
index 0000000..eecd81b
--- /dev/null
+++ b/secure/usr.bin/bdes/bdes.1
@@ -0,0 +1,304 @@
+.\" Copyright (c) 1991, 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" This code is derived from software contributed to Berkeley by
+.\" Matt Bishop of Dartmouth College.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the University of
+.\" California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" @(#)bdes.1 8.1 (Berkeley) 6/29/93
+.\"
+.TH BDES 1 "June 29, 1993"
+.UC 6
+.SH NAME
+bdes \- encrypt/decrypt using the Data Encryption Standard
+.SH SYNOPSIS
+.nf
+.ft B
+bdes [ \-abdp ] [ \-F N ] [ \-f N ] [ \-k key ]
+.ti +5
+[ \-m N ] [ \-o N ] [ \-v vector ]
+.ft R
+.fi
+.SH DESCRIPTION
+.I Bdes
+implements all DES modes of operation described in FIPS PUB 81,
+including alternative cipher feedback mode and both authentication
+modes.
+.I Bdes
+reads from the standard input and writes to the standard output.
+By default, the input is encrypted using cipher block chaining mode.
+Using the same key for encryption and decryption preserves plain text.
+.PP
+All modes but the electronic code book mode require an initialization
+vector; if none is supplied, the zero vector is used.
+If no
+.I key
+is specified on the command line, the user is prompted for one (see
+.IR getpass (3)
+for more details).
+.PP
+The options are as follows:
+.TP
+\-a
+The key and initialization vector strings are to be taken as ASCII,
+suppressing the special interpretation given to leading ``0X'', ``0x'',
+``0B'', and ``0b'' characters.
+This flag applies to
+.I both
+the key and initialization vector.
+.TP
+\-b
+Use electronic code book mode.
+.TP
+\-d
+Decrypt the input.
+.TP
+\-F
+Use
+.IR N -bit
+alternative cipher feedback mode.
+Currently
+.I N
+must be a multiple of 7 between 7 and 56 inclusive (this does not conform
+to the alternative CFB mode specification).
+.TP
+\-f
+Use
+.IR N -bit
+cipher feedback mode.
+Currently
+.I N
+must be a multiple of 8 between 8 and 64 inclusive (this does not conform
+to the standard CFB mode specification).
+.TP
+\-k
+Use
+.I key
+as the cryptographic key.
+.TP
+\-m
+Compute a message authentication code (MAC) of
+.I N
+bits on the input.
+The value of
+.I N
+must be between 1 and 64 inclusive; if
+.I N
+is not a multiple of 8, enough 0 bits will be added to pad the MAC length
+to the nearest multiple of 8.
+Only the MAC is output.
+MACs are only available in cipher block chaining mode or in cipher feedback
+mode.
+.TP
+\-o
+Use
+.IR N -bit
+output feedback mode.
+Currently
+.I N
+must be a multiple of 8 between 8 and 64 inclusive (this does not conform
+to the OFB mode specification).
+.TP
+\-p
+Disable the resetting of the parity bit.
+This flag forces the parity bit of the key to be used as typed, rather than
+making each character be of odd parity.
+It is used only if the key is given in ASCII.
+.TP
+\-v
+Set the initialization vector to
+.IR vector ;
+the vector is interpreted in the same way as the key.
+The vector is ignored in electronic codebook mode.
+.PP
+The key and initialization vector are taken as sequences of ASCII
+characters which are then mapped into their bit representations.
+If either begins with ``0X'' or ``0x'',
+that one is taken as a sequence of hexadecimal digits indicating the
+bit pattern;
+if either begins with ``0B'' or ``0b'',
+that one is taken as a sequence of binary digits indicating the bit pattern.
+In either case,
+only the leading 64 bits of the key or initialization vector
+are used,
+and if fewer than 64 bits are provided, enough 0 bits are appended
+to pad the key to 64 bits.
+.PP
+According to the DES standard, the low-order bit of each character in the
+key string is deleted.
+Since most ASCII representations set the high-order bit to 0, simply
+deleting the low-order bit effectively reduces the size of the key space
+from 2\u\s-356\s0\d to 2\u\s-348\s0\d keys.
+To prevent this, the high-order bit must be a function depending in part
+upon the low-order bit; so, the high-order bit is set to whatever value
+gives odd parity.
+This preserves the key space size.
+Note this resetting of the parity bit is
+.I not
+done if the key is given in binary or hex, and can be disabled for ASCII
+keys as well.
+.PP
+The DES is considered a very strong cryptosystem, and other than table lookup
+attacks, key search attacks, and Hellman's time-memory tradeoff (all of which
+are very expensive and time-consuming), no cryptanalytic methods for breaking
+the DES are known in the open literature.
+No doubt the choice of keys and key security are the most vulnerable aspect
+of
+.IR bdes .
+.SH IMPLEMENTATION NOTES
+For implementors wishing to write software compatible with this program,
+the following notes are provided.
+This software is believed to be compatible with the implementation of the
+data encryption standard distributed by Sun Microsystems, Inc.
+.PP
+In the ECB and CBC modes, plaintext is encrypted in units of 64 bits (8 bytes,
+also called a block).
+To ensure that the plaintext file is encrypted correctly,
+.I bdes
+will (internally) append from 1 to 8 bytes, the last byte containing an
+integer stating how many bytes of that final block are from the plaintext
+file, and encrypt the resulting block.
+Hence, when decrypting, the last block may contain from 0 to 7 characters
+present in the plaintext file, and the last byte tells how many.
+Note that if during decryption the last byte of the file does not contain an
+integer between 0 and 7, either the file has been corrupted or an incorrect
+key has been given.
+A similar mechanism is used for the OFB and CFB modes, except that those
+simply require the length of the input to be a multiple of the mode size,
+and the final byte contains an integer between 0 and one less than the number
+of bytes being used as the mode.
+(This was another reason that the mode size must be a multiple of 8 for those
+modes.)
+.PP
+Unlike Sun's implementation, unused bytes of that last block are not filled
+with random data, but instead contain what was in those byte positions in
+the preceding block.
+This is quicker and more portable, and does not weaken the encryption
+significantly.
+.PP
+If the key is entered in ASCII, the parity bits of the key characters are set
+so that each key character is of odd parity.
+Unlike Sun's implementation, it is possible to enter binary or hexadecimal
+keys on the command line, and if this is done, the parity bits are
+.I not
+reset.
+This allows testing using arbitrary bit patterns as keys.
+.PP
+The Sun implementation always uses an initialization vector of 0
+(that is, all zeroes).
+By default,
+.I bdes
+does too, but this may be changed from the command line.
+.SH SEE ALSO
+crypt(1), crypt(3), getpass(3)
+.sp
+.IR "Data Encryption Standard" ,
+Federal Information Processing Standard #46,
+National Bureau of Standards,
+U.S. Department of Commerce,
+Washington DC
+(Jan. 1977)
+.sp
+.IR "DES Modes of Operation" ,
+Federal Information Processing Standard #81,
+National Bureau of Standards,
+U.S. Department of Commerce
+Washington DC
+(Dec. 1980)
+.sp
+Dorothy Denning,
+.IR "Cryptography and Data Security" ,
+Addison-Wesley Publishing Co.,
+Reading, MA
+\(co1982.
+.sp
+Matt Bishop,
+.IR "Implementation Notes on bdes(1)" ,
+Technical Report PCS-TR-91-158,
+Department of Mathematics and Computer Science,
+Dartmouth College,
+Hanover, NH 03755
+(Apr. 1991).
+.SH DISCLAIMER
+.nf
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+.fi
+.SH BUGS
+There is a controversy raging over whether the DES will still be secure
+in a few years.
+The advent of special-purpose hardware could reduce the cost of any of the
+methods of attack named above so that they are no longer computationally
+infeasible.
+.PP
+As the key or key schedule is stored in memory, the encryption can be
+compromised if memory is readable.
+Additionally, programs which display programs' arguments may compromise the
+key and initialization vector, if they are specified on the command line.
+To avoid this
+.I bdes
+overwrites its arguments, however, the obvious race cannot currently be
+avoided.
+.PP
+Certain specific keys should be avoided because they introduce potential
+weaknesses; these keys, called the
+.I weak
+and
+.I semiweak
+keys, are (in hex notation, where p is either 0 or 1, and P is either
+e or f):
+.sp
+.nf
+.in +10n
+.ta \w'0x0p0p0p0p0p0p0p0p\0\0\0'u+5n
+0x0p0p0p0p0p0p0p0p 0x0p1P0p1P0p0P0p0P
+0x0pep0pep0pfp0pfp 0x0pfP0pfP0pfP0pfP
+0x1P0p1P0p0P0p0P0p 0x1P1P1P1P0P0P0P0P
+0x1Pep1Pep0Pfp0Pfp 0x1PfP1PfP0PfP0PfP
+0xep0pep0pfp0pfp0p 0xep1Pep1pfp0Pfp0P
+0xepepepepepepepep 0xepfPepfPfpfPfpfP
+0xfP0pfP0pfP0pfP0p 0xfP1PfP1PfP0PfP0P
+0xfPepfPepfPepfPep 0xfPfPfPfPfPfPfPfP
+.fi
+.in -10n
+.sp
+This is inherent in the DES algorithm (see Moore and Simmons,
+\*(LqCycle structure of the DES with weak and semi-weak keys,\*(Rq
+.I "Advances in Cryptology \- Crypto '86 Proceedings" ,
+Springer-Verlag New York, \(co1987, pp. 9-32.)
diff --git a/secure/usr.bin/bdes/bdes.c b/secure/usr.bin/bdes/bdes.c
new file mode 100644
index 0000000..f702e01
--- /dev/null
+++ b/secure/usr.bin/bdes/bdes.c
@@ -0,0 +1,1046 @@
+/*-
+ * Copyright (c) 1991, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Matt Bishop of Dartmouth College.
+ *
+ * The United States Government has rights in this work pursuant
+ * to contract no. NAG 2-680 between the National Aeronautics and
+ * Space Administration and Dartmouth College.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1991, 1993\n\
+ The Regents of the University of California. All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)bdes.c 8.1 (Berkeley) 6/6/93";
+#endif /* not lint */
+
+/*
+ * BDES -- DES encryption package for Berkeley Software Distribution 4.4
+ * options:
+ * -a key is in ASCII
+ * -b use ECB (electronic code book) mode
+ * -d invert (decrypt) input
+ * -f b use b-bit CFB (cipher feedback) mode
+ * -F b use b-bit CFB (cipher feedback) alternative mode
+ * -k key use key as the cryptographic key
+ * -m b generate a MAC of length b
+ * -o b use b-bit OFB (output feedback) mode
+ * -p don't reset the parity bit
+ * -v v use v as the initialization vector (ignored for ECB)
+ * note: the last character of the last block is the integer indicating
+ * how many characters of that block are to be output
+ *
+ * Author: Matt Bishop
+ * Department of Mathematics and Computer Science
+ * Dartmouth College
+ * Hanover, NH 03755
+ * Email: Matt.Bishop@dartmouth.edu
+ * ...!decvax!dartvax!Matt.Bishop
+ *
+ * See Technical Report PCS-TR91-158, Department of Mathematics and Computer
+ * Science, Dartmouth College, for a detailed description of the implemen-
+ * tation and differences between it and Sun's. The DES is described in
+ * FIPS PUB 46, and the modes in FIPS PUB 81 (see either the manual page
+ * or the technical report for a complete reference).
+ */
+
+#include <errno.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * BSD and System V systems offer special library calls that do
+ * block moves and fills, so if possible we take advantage of them
+ */
+#define MEMCPY(dest,src,len) bcopy((src),(dest),(len))
+#define MEMZERO(dest,len) bzero((dest),(len))
+
+/* Hide the calls to the primitive encryption routines. */
+#define FASTWAY
+#ifdef FASTWAY
+#define DES_KEY(buf) \
+ if (des_setkey(buf)) \
+ err("des_setkey", 0);
+#define DES_XFORM(buf) \
+ if (des_cipher(buf, buf, 0L, (inverse ? -1 : 1))) \
+ err("des_cipher", 0);
+#else
+#define DES_KEY(buf) { \
+ char bits1[64]; /* bits of key */ \
+ expand(buf, bits1); \
+ if (setkey(bits1)) \
+ err("setkey", 0); \
+ }
+#define DES_XFORM(buf) { \
+ char bits1[64]; /* bits of message */ \
+ expand(buf, bits1); \
+ if (encrypt(bits1, inverse)) \
+ err("encrypt", 0); \
+ compress(bits1, buf); \
+ }
+#endif
+
+/*
+ * this does an error-checking write
+ */
+#define READ(buf, n) fread(buf, sizeof(char), n, stdin)
+#define WRITE(buf,n) \
+ if (fwrite(buf, sizeof(char), n, stdout) != n) \
+ err(bn, NULL);
+
+/*
+ * some things to make references easier
+ */
+typedef char Desbuf[8];
+#define CHAR(x,i) (x[i])
+#define UCHAR(x,i) (x[i])
+#define BUFFER(x) (x)
+#define UBUFFER(x) (x)
+
+/*
+ * global variables and related macros
+ */
+#define KEY_DEFAULT 0 /* interpret radix of key from key */
+#define KEY_ASCII 1 /* key is in ASCII characters */
+int keybase = KEY_DEFAULT; /* how to interpret the key */
+
+enum { /* encrypt, decrypt, authenticate */
+ MODE_ENCRYPT, MODE_DECRYPT, MODE_AUTHENTICATE
+} mode = MODE_ENCRYPT;
+enum { /* ecb, cbc, cfb, cfba, ofb? */
+ ALG_ECB, ALG_CBC, ALG_CFB, ALG_OFB, ALG_CFBA
+} alg = ALG_CBC;
+
+Desbuf ivec; /* initialization vector */
+char bits[] = { /* used to extract bits from a char */
+ '\200', '\100', '\040', '\020', '\010', '\004', '\002', '\001'
+};
+int inverse; /* 0 to encrypt, 1 to decrypt */
+int macbits = -1; /* number of bits in authentication */
+int fbbits = -1; /* number of feedback bits */
+int pflag; /* 1 to preserve parity bits */
+
+main(ac, av)
+ int ac; /* arg count */
+ char **av; /* arg vector */
+{
+ extern int optind; /* option (argument) number */
+ extern char *optarg; /* argument to option if any */
+ register int i; /* counter in a for loop */
+ register char *p; /* used to obtain the key */
+ Desbuf msgbuf; /* I/O buffer */
+ int kflag; /* command-line encryptiooon key */
+ int argc; /* the real arg count */
+ char **argv; /* the real argument vector */
+
+ /*
+ * Hide the arguments from ps(1) by making private copies of them
+ * and clobbering the global (visible to ps(1)) ones.
+ */
+ argc = ac;
+ ac = 1;
+ argv = malloc((argc + 1) * sizeof(char *));
+ for (i = 0; i < argc; ++i) {
+ argv[i] = strdup(av[i]);
+ MEMZERO(av[i], strlen(av[i]));
+ }
+ argv[argc] = NULL;
+
+ /* initialize the initialization vctor */
+ MEMZERO(ivec, 8);
+
+ /* process the argument list */
+ kflag = 0;
+ while ((i = getopt(argc, argv, "abdF:f:k:m:o:pv:")) != EOF)
+ switch(i) {
+ case 'a': /* key is ASCII */
+ keybase = KEY_ASCII;
+ break;
+ case 'b': /* use ECB mode */
+ alg = ALG_ECB;
+ break;
+ case 'd': /* decrypt */
+ mode = MODE_DECRYPT;
+ break;
+ case 'F': /* use alternative CFB mode */
+ alg = ALG_CFBA;
+ if ((fbbits = setbits(optarg, 7)) > 56 || fbbits == 0)
+ err(-1, "-F: number must be 1-56 inclusive");
+ else if (fbbits == -1)
+ err(-1, "-F: number must be a multiple of 7");
+ break;
+ case 'f': /* use CFB mode */
+ alg = ALG_CFB;
+ if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0)
+ err(-1, "-f: number must be 1-64 inclusive");
+ else if (fbbits == -1)
+ err(-1, "-f: number must be a multiple of 8");
+ break;
+ case 'k': /* encryption key */
+ kflag = 1;
+ cvtkey(BUFFER(msgbuf), optarg);
+ break;
+ case 'm': /* number of bits for MACing */
+ mode = MODE_AUTHENTICATE;
+ if ((macbits = setbits(optarg, 1)) > 64)
+ err(-1, "-m: number must be 0-64 inclusive");
+ break;
+ case 'o': /* use OFB mode */
+ alg = ALG_OFB;
+ if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0)
+ err(-1, "-o: number must be 1-64 inclusive");
+ else if (fbbits == -1)
+ err(-1, "-o: number must be a multiple of 8");
+ break;
+ case 'p': /* preserve parity bits */
+ pflag = 1;
+ break;
+ case 'v': /* set initialization vector */
+ cvtkey(BUFFER(ivec), optarg);
+ break;
+ default: /* error */
+ usage();
+ }
+
+ if (!kflag) {
+ /*
+ * if the key's not ASCII, assume it is
+ */
+ keybase = KEY_ASCII;
+ /*
+ * get the key
+ */
+ p = getpass("Enter key: ");
+ /*
+ * copy it, nul-padded, into the key area
+ */
+ cvtkey(BUFFER(msgbuf), p);
+ }
+
+ makekey(msgbuf);
+ inverse = (alg == ALG_CBC || alg == ALG_ECB) && mode == MODE_DECRYPT;
+
+ switch(alg) {
+ case ALG_CBC:
+ switch(mode) {
+ case MODE_AUTHENTICATE: /* authenticate using CBC mode */
+ cbcauth();
+ break;
+ case MODE_DECRYPT: /* decrypt using CBC mode */
+ cbcdec();
+ break;
+ case MODE_ENCRYPT: /* encrypt using CBC mode */
+ cbcenc();
+ break;
+ }
+ break;
+ case ALG_CFB:
+ switch(mode) {
+ case MODE_AUTHENTICATE: /* authenticate using CFB mode */
+ cfbauth();
+ break;
+ case MODE_DECRYPT: /* decrypt using CFB mode */
+ cfbdec();
+ break;
+ case MODE_ENCRYPT: /* encrypt using CFB mode */
+ cfbenc();
+ break;
+ }
+ break;
+ case ALG_CFBA:
+ switch(mode) {
+ case MODE_AUTHENTICATE: /* authenticate using CFBA mode */
+ err(-1, "can't authenticate with CFBA mode");
+ break;
+ case MODE_DECRYPT: /* decrypt using CFBA mode */
+ cfbadec();
+ break;
+ case MODE_ENCRYPT: /* encrypt using CFBA mode */
+ cfbaenc();
+ break;
+ }
+ break;
+ case ALG_ECB:
+ switch(mode) {
+ case MODE_AUTHENTICATE: /* authenticate using ECB mode */
+ err(-1, "can't authenticate with ECB mode");
+ break;
+ case MODE_DECRYPT: /* decrypt using ECB mode */
+ ecbdec();
+ break;
+ case MODE_ENCRYPT: /* encrypt using ECB mode */
+ ecbenc();
+ break;
+ }
+ break;
+ case ALG_OFB:
+ switch(mode) {
+ case MODE_AUTHENTICATE: /* authenticate using OFB mode */
+ err(-1, "can't authenticate with OFB mode");
+ break;
+ case MODE_DECRYPT: /* decrypt using OFB mode */
+ ofbdec();
+ break;
+ case MODE_ENCRYPT: /* encrypt using OFB mode */
+ ofbenc();
+ break;
+ }
+ break;
+ }
+ exit(0);
+}
+
+/*
+ * print a warning message and, possibly, terminate
+ */
+err(n, s)
+ int n; /* offending block number */
+ char *s; /* the message */
+{
+ if (n > 0)
+ (void)fprintf(stderr, "bdes (block %d): ", n);
+ else
+ (void)fprintf(stderr, "bdes: ");
+ (void)fprintf(stderr, "%s\n", s ? s : strerror(errno));
+ exit(1);
+}
+
+/*
+ * map a hex character to an integer
+ */
+tobinhex(c, radix)
+ char c; /* char to be converted */
+ int radix; /* base (2 to 16) */
+{
+ switch(c) {
+ case '0': return(0x0);
+ case '1': return(0x1);
+ case '2': return(radix > 2 ? 0x2 : -1);
+ case '3': return(radix > 3 ? 0x3 : -1);
+ case '4': return(radix > 4 ? 0x4 : -1);
+ case '5': return(radix > 5 ? 0x5 : -1);
+ case '6': return(radix > 6 ? 0x6 : -1);
+ case '7': return(radix > 7 ? 0x7 : -1);
+ case '8': return(radix > 8 ? 0x8 : -1);
+ case '9': return(radix > 9 ? 0x9 : -1);
+ case 'A': case 'a': return(radix > 10 ? 0xa : -1);
+ case 'B': case 'b': return(radix > 11 ? 0xb : -1);
+ case 'C': case 'c': return(radix > 12 ? 0xc : -1);
+ case 'D': case 'd': return(radix > 13 ? 0xd : -1);
+ case 'E': case 'e': return(radix > 14 ? 0xe : -1);
+ case 'F': case 'f': return(radix > 15 ? 0xf : -1);
+ }
+ /*
+ * invalid character
+ */
+ return(-1);
+}
+
+/*
+ * convert the key to a bit pattern
+ */
+cvtkey(obuf, ibuf)
+ char *obuf; /* bit pattern */
+ char *ibuf; /* the key itself */
+{
+ register int i, j; /* counter in a for loop */
+ int nbuf[64]; /* used for hex/key translation */
+
+ /*
+ * just switch on the key base
+ */
+ switch(keybase) {
+ case KEY_ASCII: /* ascii to integer */
+ (void)strncpy(obuf, ibuf, 8);
+ return;
+ case KEY_DEFAULT: /* tell from context */
+ /*
+ * leading '0x' or '0X' == hex key
+ */
+ if (ibuf[0] == '0' && (ibuf[1] == 'x' || ibuf[1] == 'X')) {
+ ibuf = &ibuf[2];
+ /*
+ * now translate it, bombing on any illegal hex digit
+ */
+ for (i = 0; ibuf[i] && i < 16; i++)
+ if ((nbuf[i] = tobinhex(ibuf[i], 16)) == -1)
+ err(-1, "bad hex digit in key");
+ while (i < 16)
+ nbuf[i++] = 0;
+ for (i = 0; i < 8; i++)
+ obuf[i] =
+ ((nbuf[2*i]&0xf)<<4) | (nbuf[2*i+1]&0xf);
+ /* preserve parity bits */
+ pflag = 1;
+ return;
+ }
+ /*
+ * leading '0b' or '0B' == binary key
+ */
+ if (ibuf[0] == '0' && (ibuf[1] == 'b' || ibuf[1] == 'B')) {
+ ibuf = &ibuf[2];
+ /*
+ * now translate it, bombing on any illegal binary digit
+ */
+ for (i = 0; ibuf[i] && i < 16; i++)
+ if ((nbuf[i] = tobinhex(ibuf[i], 2)) == -1)
+ err(-1, "bad binary digit in key");
+ while (i < 64)
+ nbuf[i++] = 0;
+ for (i = 0; i < 8; i++)
+ for (j = 0; j < 8; j++)
+ obuf[i] = (obuf[i]<<1)|nbuf[8*i+j];
+ /* preserve parity bits */
+ pflag = 1;
+ return;
+ }
+ /*
+ * no special leader -- ASCII
+ */
+ (void)strncpy(obuf, ibuf, 8);
+ }
+}
+
+/*
+ * convert an ASCII string into a decimal number:
+ * 1. must be between 0 and 64 inclusive
+ * 2. must be a valid decimal number
+ * 3. must be a multiple of mult
+ */
+setbits(s, mult)
+ char *s; /* the ASCII string */
+ int mult; /* what it must be a multiple of */
+{
+ register char *p; /* pointer in a for loop */
+ register int n = 0; /* the integer collected */
+
+ /*
+ * skip white space
+ */
+ while (isspace(*s))
+ s++;
+ /*
+ * get the integer
+ */
+ for (p = s; *p; p++) {
+ if (isdigit(*p))
+ n = n * 10 + *p - '0';
+ else {
+ err(-1, "bad decimal digit in MAC length");
+ }
+ }
+ /*
+ * be sure it's a multiple of mult
+ */
+ return((n % mult != 0) ? -1 : n);
+}
+
+/*****************
+ * DES FUNCTIONS *
+ *****************/
+/*
+ * This sets the DES key and (if you're using the deszip version)
+ * the direction of the transformation. This uses the Sun
+ * to map the 64-bit key onto the 56 bits that the key schedule
+ * generation routines use: the old way, which just uses the user-
+ * supplied 64 bits as is, and the new way, which resets the parity
+ * bit to be the same as the low-order bit in each character. The
+ * new way generates a greater variety of key schedules, since many
+ * systems set the parity (high) bit of each character to 0, and the
+ * DES ignores the low order bit of each character.
+ */
+makekey(buf)
+ Desbuf buf; /* key block */
+{
+ register int i, j; /* counter in a for loop */
+ register int par; /* parity counter */
+
+ /*
+ * if the parity is not preserved, flip it
+ */
+ if (!pflag) {
+ for (i = 0; i < 8; i++) {
+ par = 0;
+ for (j = 1; j < 8; j++)
+ if ((bits[j]&UCHAR(buf, i)) != 0)
+ par++;
+ if ((par&01) == 01)
+ UCHAR(buf, i) = UCHAR(buf, i)&0177;
+ else
+ UCHAR(buf, i) = (UCHAR(buf, i)&0177)|0200;
+ }
+ }
+
+ DES_KEY(UBUFFER(buf));
+}
+
+/*
+ * This encrypts using the Electronic Code Book mode of DES
+ */
+ecbenc()
+{
+ register int n; /* number of bytes actually read */
+ register int bn; /* block number */
+ Desbuf msgbuf; /* I/O buffer */
+
+ for (bn = 0; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) {
+ /*
+ * do the transformation
+ */
+ DES_XFORM(UBUFFER(msgbuf));
+ WRITE(BUFFER(msgbuf), 8);
+ }
+ /*
+ * at EOF or last block -- in either ase, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ bn++;
+ MEMZERO(&CHAR(msgbuf, n), 8 - n);
+ CHAR(msgbuf, 7) = n;
+ DES_XFORM(UBUFFER(msgbuf));
+ WRITE(BUFFER(msgbuf), 8);
+
+}
+
+/*
+ * This decrypts using the Electronic Code Book mode of DES
+ */
+ecbdec()
+{
+ register int n; /* number of bytes actually read */
+ register int c; /* used to test for EOF */
+ register int bn; /* block number */
+ Desbuf msgbuf; /* I/O buffer */
+
+ for (bn = 1; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) {
+ /*
+ * do the transformation
+ */
+ DES_XFORM(UBUFFER(msgbuf));
+ /*
+ * if the last one, handle it specially
+ */
+ if ((c = getchar()) == EOF) {
+ n = CHAR(msgbuf, 7);
+ if (n < 0 || n > 7)
+ err(bn, "decryption failed (block corrupted)");
+ }
+ else
+ (void)ungetc(c, stdin);
+ WRITE(BUFFER(msgbuf), n);
+ }
+ if (n > 0)
+ err(bn, "decryption failed (incomplete block)");
+}
+
+/*
+ * This encrypts using the Cipher Block Chaining mode of DES
+ */
+cbcenc()
+{
+ register int n; /* number of bytes actually read */
+ register int bn; /* block number */
+ Desbuf msgbuf; /* I/O buffer */
+
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) {
+ for (n = 0; n < 8; n++)
+ CHAR(msgbuf, n) ^= CHAR(ivec, n);
+ DES_XFORM(UBUFFER(msgbuf));
+ MEMCPY(BUFFER(ivec), BUFFER(msgbuf), 8);
+ WRITE(BUFFER(msgbuf), 8);
+ }
+ /*
+ * at EOF or last block -- in either case, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ bn++;
+ MEMZERO(&CHAR(msgbuf, n), 8 - n);
+ CHAR(msgbuf, 7) = n;
+ for (n = 0; n < 8; n++)
+ CHAR(msgbuf, n) ^= CHAR(ivec, n);
+ DES_XFORM(UBUFFER(msgbuf));
+ WRITE(BUFFER(msgbuf), 8);
+
+}
+
+/*
+ * This decrypts using the Cipher Block Chaining mode of DES
+ */
+cbcdec()
+{
+ register int n; /* number of bytes actually read */
+ Desbuf msgbuf; /* I/O buffer */
+ Desbuf ibuf; /* temp buffer for initialization vector */
+ register int c; /* used to test for EOF */
+ register int bn; /* block number */
+
+ for (bn = 0; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) {
+ /*
+ * do the transformation
+ */
+ MEMCPY(BUFFER(ibuf), BUFFER(msgbuf), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (c = 0; c < 8; c++)
+ UCHAR(msgbuf, c) ^= UCHAR(ivec, c);
+ MEMCPY(BUFFER(ivec), BUFFER(ibuf), 8);
+ /*
+ * if the last one, handle it specially
+ */
+ if ((c = getchar()) == EOF) {
+ n = CHAR(msgbuf, 7);
+ if (n < 0 || n > 7)
+ err(bn, "decryption failed (block corrupted)");
+ }
+ else
+ (void)ungetc(c, stdin);
+ WRITE(BUFFER(msgbuf), n);
+ }
+ if (n > 0)
+ err(bn, "decryption failed (incomplete block)");
+}
+
+/*
+ * This authenticates using the Cipher Block Chaining mode of DES
+ */
+cbcauth()
+{
+ register int n, j; /* number of bytes actually read */
+ Desbuf msgbuf; /* I/O buffer */
+ Desbuf encbuf; /* encryption buffer */
+
+ /*
+ * do the transformation
+ * note we DISCARD the encrypted block;
+ * we only care about the last one
+ */
+ while ((n = READ(BUFFER(msgbuf), 8)) == 8) {
+ for (n = 0; n < 8; n++)
+ CHAR(encbuf, n) = CHAR(msgbuf, n) ^ CHAR(ivec, n);
+ DES_XFORM(UBUFFER(encbuf));
+ MEMCPY(BUFFER(ivec), BUFFER(encbuf), 8);
+ }
+ /*
+ * now compute the last one, right padding with '\0' if need be
+ */
+ if (n > 0) {
+ MEMZERO(&CHAR(msgbuf, n), 8 - n);
+ for (n = 0; n < 8; n++)
+ CHAR(encbuf, n) = CHAR(msgbuf, n) ^ CHAR(ivec, n);
+ DES_XFORM(UBUFFER(encbuf));
+ }
+ /*
+ * drop the bits
+ * we write chars until fewer than 7 bits,
+ * and then pad the last one with 0 bits
+ */
+ for (n = 0; macbits > 7; n++, macbits -= 8)
+ (void)putchar(CHAR(encbuf, n));
+ if (macbits > 0) {
+ CHAR(msgbuf, 0) = 0x00;
+ for (j = 0; j < macbits; j++)
+ CHAR(msgbuf, 0) |= (CHAR(encbuf, n)&bits[j]);
+ (void)putchar(CHAR(msgbuf, 0));
+ }
+}
+
+/*
+ * This encrypts using the Cipher FeedBack mode of DES
+ */
+cfbenc()
+{
+ register int n; /* number of bytes actually read */
+ register int nbytes; /* number of bytes to read */
+ register int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ Desbuf msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 8;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (n = 0; n < 8 - nbytes; n++)
+ UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
+ for (n = 0; n < nbytes; n++)
+ UCHAR(ivec, 8-nbytes+n) = ibuf[n] ^ UCHAR(msgbuf, n);
+ WRITE(&CHAR(ivec, 8-nbytes), nbytes);
+ }
+ /*
+ * at EOF or last block -- in either case, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ bn++;
+ MEMZERO(&ibuf[n], nbytes - n);
+ ibuf[nbytes - 1] = n;
+ MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (n = 0; n < nbytes; n++)
+ ibuf[n] ^= UCHAR(msgbuf, n);
+ WRITE(ibuf, nbytes);
+}
+
+/*
+ * This decrypts using the Cipher Block Chaining mode of DES
+ */
+cfbdec()
+{
+ register int n; /* number of bytes actually read */
+ register int c; /* used to test for EOF */
+ register int nbytes; /* number of bytes to read */
+ register int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ char obuf[8]; /* output buffer */
+ Desbuf msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 8;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (c = 0; c < 8 - nbytes; c++)
+ CHAR(ivec, c) = CHAR(ivec, c+nbytes);
+ for (c = 0; c < nbytes; c++) {
+ CHAR(ivec, 8-nbytes+c) = ibuf[c];
+ obuf[c] = ibuf[c] ^ UCHAR(msgbuf, c);
+ }
+ /*
+ * if the last one, handle it specially
+ */
+ if ((c = getchar()) == EOF) {
+ n = obuf[nbytes-1];
+ if (n < 0 || n > nbytes-1)
+ err(bn, "decryption failed (block corrupted)");
+ }
+ else
+ (void)ungetc(c, stdin);
+ WRITE(obuf, n);
+ }
+ if (n > 0)
+ err(bn, "decryption failed (incomplete block)");
+}
+
+/*
+ * This encrypts using the alternative Cipher FeedBack mode of DES
+ */
+cfbaenc()
+{
+ register int n; /* number of bytes actually read */
+ register int nbytes; /* number of bytes to read */
+ register int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ char obuf[8]; /* output buffer */
+ Desbuf msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 7;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (n = 0; n < 8 - nbytes; n++)
+ UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
+ for (n = 0; n < nbytes; n++)
+ UCHAR(ivec, 8-nbytes+n) = (ibuf[n] ^ UCHAR(msgbuf, n))
+ |0200;
+ for (n = 0; n < nbytes; n++)
+ obuf[n] = CHAR(ivec, 8-nbytes+n)&0177;
+ WRITE(obuf, nbytes);
+ }
+ /*
+ * at EOF or last block -- in either case, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ bn++;
+ MEMZERO(&ibuf[n], nbytes - n);
+ ibuf[nbytes - 1] = ('0' + n)|0200;
+ MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (n = 0; n < nbytes; n++)
+ ibuf[n] ^= UCHAR(msgbuf, n);
+ WRITE(ibuf, nbytes);
+}
+
+/*
+ * This decrypts using the alternative Cipher Block Chaining mode of DES
+ */
+cfbadec()
+{
+ register int n; /* number of bytes actually read */
+ register int c; /* used to test for EOF */
+ register int nbytes; /* number of bytes to read */
+ register int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ char obuf[8]; /* output buffer */
+ Desbuf msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 7;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (c = 0; c < 8 - nbytes; c++)
+ CHAR(ivec, c) = CHAR(ivec, c+nbytes);
+ for (c = 0; c < nbytes; c++) {
+ CHAR(ivec, 8-nbytes+c) = ibuf[c]|0200;
+ obuf[c] = (ibuf[c] ^ UCHAR(msgbuf, c))&0177;
+ }
+ /*
+ * if the last one, handle it specially
+ */
+ if ((c = getchar()) == EOF) {
+ if ((n = (obuf[nbytes-1] - '0')) < 0
+ || n > nbytes-1)
+ err(bn, "decryption failed (block corrupted)");
+ }
+ else
+ (void)ungetc(c, stdin);
+ WRITE(obuf, n);
+ }
+ if (n > 0)
+ err(bn, "decryption failed (incomplete block)");
+}
+
+
+/*
+ * This encrypts using the Output FeedBack mode of DES
+ */
+ofbenc()
+{
+ register int n; /* number of bytes actually read */
+ register int c; /* used to test for EOF */
+ register int nbytes; /* number of bytes to read */
+ register int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ char obuf[8]; /* output buffer */
+ Desbuf msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 8;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (n = 0; n < 8 - nbytes; n++)
+ UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
+ for (n = 0; n < nbytes; n++) {
+ UCHAR(ivec, 8-nbytes+n) = UCHAR(msgbuf, n);
+ obuf[n] = ibuf[n] ^ UCHAR(msgbuf, n);
+ }
+ WRITE(obuf, nbytes);
+ }
+ /*
+ * at EOF or last block -- in either case, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ bn++;
+ MEMZERO(&ibuf[n], nbytes - n);
+ ibuf[nbytes - 1] = n;
+ MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (c = 0; c < nbytes; c++)
+ ibuf[c] ^= UCHAR(msgbuf, c);
+ WRITE(ibuf, nbytes);
+}
+
+/*
+ * This decrypts using the Output Block Chaining mode of DES
+ */
+ofbdec()
+{
+ register int n; /* number of bytes actually read */
+ register int c; /* used to test for EOF */
+ register int nbytes; /* number of bytes to read */
+ register int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ char obuf[8]; /* output buffer */
+ Desbuf msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 8;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (c = 0; c < 8 - nbytes; c++)
+ CHAR(ivec, c) = CHAR(ivec, c+nbytes);
+ for (c = 0; c < nbytes; c++) {
+ CHAR(ivec, 8-nbytes+c) = UCHAR(msgbuf, c);
+ obuf[c] = ibuf[c] ^ UCHAR(msgbuf, c);
+ }
+ /*
+ * if the last one, handle it specially
+ */
+ if ((c = getchar()) == EOF) {
+ n = obuf[nbytes-1];
+ if (n < 0 || n > nbytes-1)
+ err(bn, "decryption failed (block corrupted)");
+ }
+ else
+ (void)ungetc(c, stdin);
+ /*
+ * dump it
+ */
+ WRITE(obuf, n);
+ }
+ if (n > 0)
+ err(bn, "decryption failed (incomplete block)");
+}
+
+/*
+ * This authenticates using the Cipher FeedBack mode of DES
+ */
+cfbauth()
+{
+ register int n, j; /* number of bytes actually read */
+ register int nbytes; /* number of bytes to read */
+ char ibuf[8]; /* input buffer */
+ Desbuf msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 8;
+ /*
+ * do the transformation
+ */
+ while ((n = READ(ibuf, nbytes)) == nbytes) {
+ MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (n = 0; n < 8 - nbytes; n++)
+ UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
+ for (n = 0; n < nbytes; n++)
+ UCHAR(ivec, 8-nbytes+n) = ibuf[n] ^ UCHAR(msgbuf, n);
+ }
+ /*
+ * at EOF or last block -- in either case, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ MEMZERO(&ibuf[n], nbytes - n);
+ ibuf[nbytes - 1] = '0' + n;
+ MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+ DES_XFORM(UBUFFER(msgbuf));
+ for (n = 0; n < nbytes; n++)
+ ibuf[n] ^= UCHAR(msgbuf, n);
+ /*
+ * drop the bits
+ * we write chars until fewer than 7 bits,
+ * and then pad the last one with 0 bits
+ */
+ for (n = 0; macbits > 7; n++, macbits -= 8)
+ (void)putchar(CHAR(msgbuf, n));
+ if (macbits > 0) {
+ CHAR(msgbuf, 0) = 0x00;
+ for (j = 0; j < macbits; j++)
+ CHAR(msgbuf, 0) |= (CHAR(msgbuf, n)&bits[j]);
+ (void)putchar(CHAR(msgbuf, 0));
+ }
+}
+
+#ifndef FASTWAY
+/*
+ * change from 8 bits/Uchar to 1 bit/Uchar
+ */
+expand(from, to)
+ Desbuf from; /* 8bit/unsigned char string */
+ char *to; /* 1bit/char string */
+{
+ register int i, j; /* counters in for loop */
+
+ for (i = 0; i < 8; i++)
+ for (j = 0; j < 8; j++)
+ *to++ = (CHAR(from, i)>>(7-j))&01;
+}
+
+/*
+ * change from 1 bit/char to 8 bits/Uchar
+ */
+compress(from, to)
+ char *from; /* 1bit/char string */
+ Desbuf to; /* 8bit/unsigned char string */
+{
+ register int i, j; /* counters in for loop */
+
+ for (i = 0; i < 8; i++) {
+ CHAR(to, i) = 0;
+ for (j = 0; j < 8; j++)
+ CHAR(to, i) = ((*from++)<<(7-j))|CHAR(to, i);
+ }
+}
+#endif
+
+/*
+ * message about usage
+ */
+usage()
+{
+ (void)fprintf(stderr, "%s\n",
+"usage: bdes [-abdp] [-F bit] [-f bit] [-k key] [-m bit] [-o bit] [-v vector]");
+ exit(1);
+}
diff --git a/secure/usr.bin/bdes/bdes.ps b/secure/usr.bin/bdes/bdes.ps
new file mode 100644
index 0000000..471c267
--- /dev/null
+++ b/secure/usr.bin/bdes/bdes.ps
@@ -0,0 +1,2945 @@
+%!
+%%BoundingBox: (atend)
+%%Pages: (atend)
+%%DocumentFonts: (atend)
+%%EndComments
+%
+% FrameMaker PostScript Prolog 2.0, for use with FrameMaker 2.0
+% Copyright (c) 1986,87,89 by Frame Technology, Inc. All rights reserved.
+%
+% Known Problems:
+% Due to bugs in Transcript, the 'PS-Adobe-' is omitted from line 1
+/FMversion (2.0) def
+% Set up Color vs. Black-and-White
+ /FMPrintInColor systemdict /colorimage known def
+% Uncomment this line to force b&w on color printer
+% /FMPrintInColor false def
+/FrameDict 190 dict def
+systemdict /errordict known not {/errordict 10 dict def
+ errordict /rangecheck {stop} put} if
+% The readline in 23.0 doesn't recognize cr's as nl's on AppleTalk
+FrameDict /tmprangecheck errordict /rangecheck get put
+errordict /rangecheck {FrameDict /bug true put} put
+FrameDict /bug false put
+mark
+% Some PS machines read past the CR, so keep the following 3 lines together!
+currentfile 5 string readline
+00
+0000000000
+cleartomark
+errordict /rangecheck FrameDict /tmprangecheck get put
+FrameDict /bug get {
+ /readline {
+ /gstring exch def
+ /gfile exch def
+ /gindex 0 def
+ {
+ gfile read pop
+ dup 10 eq {exit} if
+ dup 13 eq {exit} if
+ gstring exch gindex exch put
+ /gindex gindex 1 add def
+ } loop
+ pop
+ gstring 0 gindex getinterval true
+ } def
+ } if
+/FMVERSION {
+ FMversion ne {
+ /Times-Roman findfont 18 scalefont setfont
+ 100 100 moveto
+ (FrameMaker version does not match postscript_prolog!)
+ dup =
+ show showpage
+ } if
+ } def
+/FMLOCAL {
+ FrameDict begin
+ 0 def
+ end
+ } def
+ /gstring FMLOCAL
+ /gfile FMLOCAL
+ /gindex FMLOCAL
+ /orgxfer FMLOCAL
+ /orgproc FMLOCAL
+ /organgle FMLOCAL
+ /orgfreq FMLOCAL
+ /yscale FMLOCAL
+ /xscale FMLOCAL
+ /manualfeed FMLOCAL
+ /paperheight FMLOCAL
+ /paperwidth FMLOCAL
+/FMDOCUMENT {
+ array /FMfonts exch def
+ /#copies exch def
+ FrameDict begin
+ 0 ne dup {setmanualfeed} if
+ /manualfeed exch def
+ /paperheight exch def
+ /paperwidth exch def
+ setpapername
+ manualfeed {true} {papersize} ifelse
+ {manualpapersize} {false} ifelse
+ {desperatepapersize} if
+ /yscale exch def
+ /xscale exch def
+ currenttransfer cvlit /orgxfer exch def
+ currentscreen cvlit /orgproc exch def
+ /organgle exch def /orgfreq exch def
+ end
+ } def
+ /pagesave FMLOCAL
+ /orgmatrix FMLOCAL
+ /landscape FMLOCAL
+/FMBEGINPAGE {
+ FrameDict begin
+ /pagesave save def
+ 3.86 setmiterlimit
+ /landscape exch 0 ne def
+ landscape {
+ 90 rotate 0 exch neg translate pop
+ }
+ {pop pop}
+ ifelse
+ xscale yscale scale
+ /orgmatrix matrix def
+ gsave
+ } def
+/FMENDPAGE {
+ grestore
+ pagesave restore
+ end
+ showpage
+ } def
+/FMDEFINEFONT {
+ FrameDict begin
+ findfont
+ ReEncode
+ 2 index exch
+ definefont exch
+ scalefont
+ FMfonts 3 1 roll
+ put
+ end
+ } bind def
+/FMNORMALIZEGRAPHICS {
+ newpath
+ 0.0 0.0 moveto
+ 1 setlinewidth
+ 0 setlinecap
+ 0 0 0 sethsbcolor
+ 0 setgray
+ } bind def
+ /fx FMLOCAL
+ /fy FMLOCAL
+ /fh FMLOCAL
+ /fw FMLOCAL
+ /llx FMLOCAL
+ /lly FMLOCAL
+ /urx FMLOCAL
+ /ury FMLOCAL
+/FMBEGINEPSF {
+ end
+ /FMEPSF save def
+ /showpage {} def
+ FMNORMALIZEGRAPHICS
+ [/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall
+ fx fy translate
+ rotate
+ fw urx llx sub div fh ury lly sub div scale
+ llx neg lly neg translate
+ } bind def
+/FMENDEPSF {
+ FMEPSF restore
+ FrameDict begin
+ } bind def
+FrameDict begin
+/setmanualfeed {
+%%BeginFeature *ManualFeed True
+ statusdict /manualfeed true put
+%%EndFeature
+ } def
+/max {2 copy lt {exch} if pop} bind def
+/min {2 copy gt {exch} if pop} bind def
+/inch {72 mul} def
+/pagedimen {
+ paperheight sub abs 16 lt exch
+ paperwidth sub abs 16 lt and
+ {/papername exch def} {pop} ifelse
+ } def
+ /papersizedict FMLOCAL
+/setpapername {
+ /papersizedict 14 dict def
+ papersizedict begin
+ /papername /unknown def
+ /Letter 8.5 inch 11.0 inch pagedimen
+ /LetterSmall 7.68 inch 10.16 inch pagedimen
+ /Tabloid 11.0 inch 17.0 inch pagedimen
+ /Ledger 17.0 inch 11.0 inch pagedimen
+ /Legal 8.5 inch 14.0 inch pagedimen
+ /Statement 5.5 inch 8.5 inch pagedimen
+ /Executive 7.5 inch 10.0 inch pagedimen
+ /A3 11.69 inch 16.5 inch pagedimen
+ /A4 8.26 inch 11.69 inch pagedimen
+ /A4Small 7.47 inch 10.85 inch pagedimen
+ /B4 10.125 inch 14.33 inch pagedimen
+ /B5 7.16 inch 10.125 inch pagedimen
+ end
+ } def
+/papersize {
+ papersizedict begin
+ /Letter {lettertray} def
+ /LetterSmall {lettertray lettersmall} def
+ /Tabloid {11x17tray} def
+ /Ledger {ledgertray} def
+ /Legal {legaltray} def
+ /Statement {statementtray} def
+ /Executive {executivetray} def
+ /A3 {a3tray} def
+ /A4 {a4tray} def
+ /A4Small {a4tray a4small} def
+ /B4 {b4tray} def
+ /B5 {b5tray} def
+ /unknown {unknown} def
+ papersizedict dup papername known {papername} {/unknown} ifelse get
+ end
+ /FMdicttop countdictstack 1 add def
+ statusdict begin stopped end
+ countdictstack -1 FMdicttop {pop end} for
+ } def
+/manualpapersize {
+ papersizedict begin
+ /Letter {letter} def
+ /LetterSmall {lettersmall} def
+ /Tabloid {11x17} def
+ /Ledger {ledger} def
+ /Legal {legal} def
+ /Statement {statement} def
+ /Executive {executive} def
+ /A3 {a3} def
+ /A4 {a4} def
+ /A4Small {a4small} def
+ /B4 {b4} def
+ /B5 {b5} def
+ /unknown {unknown} def
+ papersizedict dup papername known {papername} {/unknown} ifelse get
+ end
+ stopped
+ } def
+/desperatepapersize {
+ statusdict /setpageparams known
+ {
+ paperwidth paperheight 0 1
+ statusdict begin
+ {setpageparams} stopped pop
+ end
+ } if
+ } def
+/savematrix {
+ orgmatrix currentmatrix pop
+ } bind def
+/restorematrix {
+ orgmatrix setmatrix
+ } bind def
+/dmatrix matrix def
+/dpi 72 0 dmatrix defaultmatrix dtransform
+ dup mul exch dup mul add sqrt def
+/freq dpi 18.75 div 8 div round dup 0 eq {pop 1} if 8 mul dpi exch div def
+/sangle 1 0 dmatrix defaultmatrix dtransform exch atan def
+/DiacriticEncoding [
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl
+/numbersign /dollar /percent /ampersand /quotesingle /parenleft
+/parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
+/two /three /four /five /six /seven /eight /nine /colon /semicolon
+/less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K
+/L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash
+/bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h
+/i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar
+/braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute
+/Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis
+/atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis
+/iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve
+/ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex
+/udieresis /dagger /.notdef /cent /sterling /section /bullet
+/paragraph /germandbls /registered /copyright /trademark /acute
+/dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef
+/yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown
+/exclamdown /logicalnot /.notdef /florin /.notdef /.notdef
+/guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde
+/Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright
+/quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis
+/fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl
+/periodcentered /quotesinglbase /quotedblbase /perthousand
+/Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute
+/Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve
+/Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron
+/breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
+] def
+/ReEncode {
+ dup
+ length
+ dict begin
+ {
+ 1 index /FID ne
+ {def}
+ {pop pop} ifelse
+ } forall
+ Encoding StandardEncoding eq
+ {
+ /Encoding DiacriticEncoding def
+ }if
+ currentdict
+ end
+ } bind def
+/graymode true def
+ /bwidth FMLOCAL
+ /bpside FMLOCAL
+ /bstring FMLOCAL
+ /onbits FMLOCAL
+ /offbits FMLOCAL
+ /xindex FMLOCAL
+ /yindex FMLOCAL
+ /x FMLOCAL
+ /y FMLOCAL
+/setpattern {
+ /bwidth exch def
+ /bpside exch def
+ /bstring exch def
+ /onbits 0 def /offbits 0 def
+ freq sangle landscape {90 add} if
+ {/y exch def
+ /x exch def
+ /xindex x 1 add 2 div bpside mul cvi def
+ /yindex y 1 add 2 div bpside mul cvi def
+ bstring yindex bwidth mul xindex 8 idiv add get
+ 1 7 xindex 8 mod sub bitshift and 0 ne
+ {/onbits onbits 1 add def 1}
+ {/offbits offbits 1 add def 0}
+ ifelse
+ }
+ setscreen
+ {} settransfer
+ offbits offbits onbits add div FMsetgray
+ /graymode false def
+ } bind def
+/grayness {
+ FMsetgray
+ graymode not {
+ /graymode true def
+ orgxfer cvx settransfer
+ orgfreq organgle orgproc cvx setscreen
+ } if
+ } bind def
+ /HUE FMLOCAL
+ /SAT FMLOCAL
+ /BRIGHT FMLOCAL
+ /Colors FMLOCAL
+FMPrintInColor
+
+ {
+ /HUE 0 def
+ /SAT 0 def
+ /BRIGHT 0 def
+ % array of arrays Hue and Sat values for the separations [HUE BRIGHT]
+ /Colors
+ [[0 0 ] % black
+ [0 0 ] % white
+ [0.00 1.0] % red
+ [0.37 1.0] % green
+ [0.60 1.0] % blue
+ [0.50 1.0] % cyan
+ [0.83 1.0] % magenta
+ [0.16 1.0] % comment / yellow
+ ] def
+
+ /BEGINBITMAPCOLOR {
+ BITMAPCOLOR} def
+ /BEGINBITMAPCOLORc {
+ BITMAPCOLORc} def
+ /K {
+ Colors exch get dup
+ 0 get /HUE exch store
+ 1 get /BRIGHT exch store
+ HUE 0 eq BRIGHT 0 eq and
+ {1.0 SAT sub setgray}
+ {HUE SAT BRIGHT sethsbcolor}
+ ifelse
+ } def
+ /FMsetgray {
+ /SAT exch 1.0 exch sub store
+ HUE 0 eq BRIGHT 0 eq and
+ {1.0 SAT sub setgray}
+ {HUE SAT BRIGHT sethsbcolor}
+ ifelse
+ } bind def
+ }
+
+ {
+ /BEGINBITMAPCOLOR {
+ BITMAPGRAY} def
+ /BEGINBITMAPCOLORc {
+ BITMAPGRAYc} def
+ /FMsetgray {setgray} bind def
+ /K {
+ pop
+ } def
+ }
+ifelse
+/normalize {
+ transform round exch round exch itransform
+ } bind def
+/dnormalize {
+ dtransform round exch round exch idtransform
+ } bind def
+/lnormalize {
+ 0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop
+ } bind def
+/H {
+ lnormalize setlinewidth
+ } bind def
+/Z {
+ setlinecap
+ } bind def
+/X {
+ fillprocs exch get exec
+ } bind def
+/V {
+ gsave eofill grestore
+ } bind def
+/N {
+ stroke
+ } bind def
+/M {newpath moveto} bind def
+/E {lineto} bind def
+/D {curveto} bind def
+/O {closepath} bind def
+ /n FMLOCAL
+/L {
+ /n exch def
+ newpath
+ normalize
+ moveto
+ 2 1 n {pop normalize lineto} for
+ } bind def
+/Y {
+ L
+ closepath
+ } bind def
+ /x1 FMLOCAL
+ /x2 FMLOCAL
+ /y1 FMLOCAL
+ /y2 FMLOCAL
+ /rad FMLOCAL
+/R {
+ /y2 exch def
+ /x2 exch def
+ /y1 exch def
+ /x1 exch def
+ x1 y1
+ x2 y1
+ x2 y2
+ x1 y2
+ 4 Y
+ } bind def
+/RR {
+ /rad exch def
+ normalize
+ /y2 exch def
+ /x2 exch def
+ normalize
+ /y1 exch def
+ /x1 exch def
+ newpath
+ x1 y1 rad add moveto
+ x1 y2 x2 y2 rad arcto
+ x2 y2 x2 y1 rad arcto
+ x2 y1 x1 y1 rad arcto
+ x1 y1 x1 y2 rad arcto
+ closepath
+ 16 {pop} repeat
+ } bind def
+/C {
+ grestore
+ gsave
+ R
+ clip
+ } bind def
+/U {
+ grestore
+ gsave
+ } bind def
+/F {
+ FMfonts exch get
+ setfont
+ } bind def
+/T {
+ moveto show
+ } bind def
+/RF {
+ rotate
+ 0 ne {-1 1 scale} if
+ } bind def
+/TF {
+ gsave
+ moveto
+ RF
+ show
+ grestore
+ } bind def
+/P {
+ moveto
+ 0 32 3 2 roll widthshow
+ } bind def
+/PF {
+ gsave
+ moveto
+ RF
+ 0 32 3 2 roll widthshow
+ grestore
+ } bind def
+/S {
+ moveto
+ 0 exch ashow
+ } bind def
+/SF {
+ gsave
+ moveto
+ RF
+ 0 exch ashow
+ grestore
+ } bind def
+/B {
+ moveto
+ 0 32 4 2 roll 0 exch awidthshow
+ } bind def
+/BF {
+ gsave
+ moveto
+ RF
+ 0 32 4 2 roll 0 exch awidthshow
+ grestore
+ } bind def
+ /x FMLOCAL
+ /y FMLOCAL
+ /dx FMLOCAL
+ /dy FMLOCAL
+ /dl FMLOCAL
+ /t FMLOCAL
+ /t2 FMLOCAL
+ /Cos FMLOCAL
+ /Sin FMLOCAL
+ /r FMLOCAL
+/W {
+ dnormalize
+ /dy exch def
+ /dx exch def
+ normalize
+ /y exch def
+ /x exch def
+ /dl dx dx mul dy dy mul add sqrt def
+ dl 0.0 gt {
+ /t currentlinewidth def
+ savematrix
+ /Cos dx dl div def
+ /Sin dy dl div def
+ /r [Cos Sin Sin neg Cos 0.0 0.0] def
+ /t2 t 2.5 mul 3.5 max def
+ newpath
+ x y translate
+ r concat
+ 0.0 0.0 moveto
+ dl t 2.7 mul sub 0.0 rlineto
+ stroke
+ restorematrix
+ x dx add y dy add translate
+ r concat
+ t 0.67 mul setlinewidth
+ t 1.61 mul neg 0.0 translate
+ 0.0 0.0 moveto
+ t2 1.7 mul neg t2 2.0 div moveto
+ 0.0 0.0 lineto
+ t2 1.7 mul neg t2 2.0 div neg lineto
+ stroke
+ t setlinewidth
+ restorematrix
+ } if
+ } bind def
+/G {
+ gsave
+ newpath
+ normalize translate 0.0 0.0 moveto
+ dnormalize scale
+ 0.0 0.0 1.0 5 3 roll arc
+ closepath fill
+ grestore
+ } bind def
+/A {
+ gsave
+ savematrix
+ newpath
+ 2 index 2 div add exch 3 index 2 div sub exch
+ normalize 2 index 2 div sub exch 3 index 2 div add exch
+ translate
+ scale
+ 0.0 0.0 1.0 5 3 roll arc
+ restorematrix
+ stroke
+ grestore
+ } bind def
+ /x FMLOCAL
+ /y FMLOCAL
+ /w FMLOCAL
+ /h FMLOCAL
+ /xx FMLOCAL
+ /yy FMLOCAL
+ /ww FMLOCAL
+ /hh FMLOCAL
+ /FMsaveobject FMLOCAL
+ /FMoptop FMLOCAL
+ /FMdicttop FMLOCAL
+/BEGINPRINTCODE {
+ /FMdicttop countdictstack 1 add def
+ /FMoptop count 4 sub def
+ /FMsaveobject save def
+ userdict begin
+ /showpage {} def
+ FMNORMALIZEGRAPHICS
+ 3 index neg 3 index neg translate
+ } bind def
+/ENDPRINTCODE {
+ count -1 FMoptop {pop pop} for
+ countdictstack -1 FMdicttop {pop end} for
+ FMsaveobject restore
+ } bind def
+/gn {
+ 0
+ { 46 mul
+ cf read pop
+ 32 sub
+ dup 46 lt {exit} if
+ 46 sub add
+ } loop
+ add
+ } bind def
+ /str FMLOCAL
+/cfs {
+ /str sl string def
+ 0 1 sl 1 sub {str exch val put} for
+ str def
+ } bind def
+/ic [
+ 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
+ 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
+ 0
+ {0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx}
+ {10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx}
+ {19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12}
+ {13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh}
+ {4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh}
+ {13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl}
+ {7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl}
+ {0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl}
+ {10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl}
+ ] def
+ /sl FMLOCAL
+ /val FMLOCAL
+ /ws FMLOCAL
+ /im FMLOCAL
+ /bs FMLOCAL
+ /cs FMLOCAL
+ /len FMLOCAL
+ /pos FMLOCAL
+/ms {
+ /sl exch def
+ /val 255 def
+ /ws cfs
+ /im cfs
+ /val 0 def
+ /bs cfs
+ /cs cfs
+ } bind def
+400 ms
+/ip {
+ is
+ 0
+ cf cs readline pop
+ { ic exch get exec
+ add
+ } forall
+ pop
+
+ } bind def
+/wh {
+ /len exch def
+ /pos exch def
+ ws 0 len getinterval im pos len getinterval copy pop
+ pos len
+ } bind def
+/bl {
+ /len exch def
+ /pos exch def
+ bs 0 len getinterval im pos len getinterval copy pop
+ pos len
+ } bind def
+/s1 1 string def
+/fl {
+ /len exch def
+ /pos exch def
+ /val cf s1 readhexstring pop 0 get def
+ pos 1 pos len add 1 sub {im exch val put} for
+ pos len
+ } bind def
+/hx {
+ 3 copy getinterval
+ cf exch readhexstring pop pop
+ } bind def
+ /h FMLOCAL
+ /w FMLOCAL
+ /d FMLOCAL
+ /lb FMLOCAL
+ /bitmapsave FMLOCAL
+ /is FMLOCAL
+ /cf FMLOCAL
+/wbytes {
+ dup
+ 8 eq {pop} {1 eq {7 add 8 idiv} {3 add 4 idiv} ifelse} ifelse
+ } bind def
+/BEGINBITMAPBWc {
+ 1 {} COMMONBITMAPc
+ } bind def
+/BEGINBITMAPGRAYc {
+ 8 {} COMMONBITMAPc
+ } bind def
+/BEGINBITMAP2BITc {
+ 2 {} COMMONBITMAPc
+ } bind def
+/COMMONBITMAPc {
+ /r exch def
+ /d exch def
+ gsave
+ translate rotate scale /h exch def /w exch def
+ /lb w d wbytes def
+ sl lb lt {lb ms} if
+ /bitmapsave save def
+ r
+ /is im 0 lb getinterval def
+ ws 0 lb getinterval is copy pop
+ /cf currentfile def
+ w h d [w 0 0 h neg 0 h]
+ {ip} image
+ bitmapsave restore
+ grestore
+ } bind def
+/BEGINBITMAPBW {
+ 1 {} COMMONBITMAP
+ } bind def
+/BEGINBITMAPGRAY {
+ 8 {} COMMONBITMAP
+ } bind def
+/BEGINBITMAP2BIT {
+ 2 {} COMMONBITMAP
+ } bind def
+/COMMONBITMAP {
+ /r exch def
+ /d exch def
+ gsave
+ translate rotate scale /h exch def /w exch def
+ /bitmapsave save def
+ r
+ /is w d wbytes string def
+ /cf currentfile def
+ w h d [w 0 0 h neg 0 h]
+ {cf is readhexstring pop} image
+ bitmapsave restore
+ grestore
+ } bind def
+ /proc1 FMLOCAL
+ /proc2 FMLOCAL
+ /newproc FMLOCAL
+/Fmcc {
+ /proc2 exch cvlit def
+ /proc1 exch cvlit def
+ /newproc proc1 length proc2 length add array def
+ newproc 0 proc1 putinterval
+ newproc proc1 length proc2 putinterval
+ newproc cvx
+} bind def
+/ngrayt 256 array def
+/nredt 256 array def
+/nbluet 256 array def
+/ngreent 256 array def
+ /gryt FMLOCAL
+ /blut FMLOCAL
+ /grnt FMLOCAL
+ /redt FMLOCAL
+ /indx FMLOCAL
+ /cynu FMLOCAL
+ /magu FMLOCAL
+ /yelu FMLOCAL
+ /k FMLOCAL
+ /u FMLOCAL
+/colorsetup {
+ currentcolortransfer
+ /gryt exch def
+ /blut exch def
+ /grnt exch def
+ /redt exch def
+ 0 1 255 {
+ /indx exch def
+ /cynu 1 red indx get 255 div sub def
+ /magu 1 green indx get 255 div sub def
+ /yelu 1 blue indx get 255 div sub def
+ /k cynu magu min yelu min def
+ /u k currentundercolorremoval exec def
+ nredt indx 1 0 cynu u sub max sub redt exec put
+ ngreent indx 1 0 magu u sub max sub grnt exec put
+ nbluet indx 1 0 yelu u sub max sub blut exec put
+ ngrayt indx 1 k currentblackgeneration exec sub gryt exec put
+ } for
+ {255 mul cvi nredt exch get}
+ {255 mul cvi ngreent exch get}
+ {255 mul cvi nbluet exch get}
+ {255 mul cvi ngrayt exch get}
+ setcolortransfer
+ {pop 0} setundercolorremoval
+ {} setblackgeneration
+ } bind def
+ /tran FMLOCAL
+/fakecolorsetup {
+ /tran 256 string def
+ 0 1 255 {/indx exch def
+ tran indx
+ red indx get 77 mul
+ green indx get 151 mul
+ blue indx get 28 mul
+ add add 256 idiv put} for
+ currenttransfer
+ {255 mul cvi tran exch get 255.0 div}
+ exch Fmcc settransfer
+} bind def
+/BITMAPCOLOR {
+ /d 8 def
+ gsave
+ translate rotate scale /h exch def /w exch def
+ /bitmapsave save def
+ colorsetup
+ /is w d wbytes string def
+ /cf currentfile def
+ w h d [w 0 0 h neg 0 h]
+ {cf is readhexstring pop} {is} {is} true 3 colorimage
+ bitmapsave restore
+ grestore
+ } bind def
+/BITMAPCOLORc {
+ /d 8 def
+ gsave
+ translate rotate scale /h exch def /w exch def
+ /lb w d wbytes def
+ sl lb lt {lb ms} if
+ /bitmapsave save def
+ colorsetup
+ /is im 0 lb getinterval def
+ ws 0 lb getinterval is copy pop
+ /cf currentfile def
+ w h d [w 0 0 h neg 0 h]
+ {ip} {is} {is} true 3 colorimage
+ bitmapsave restore
+ grestore
+ } bind def
+/BITMAPGRAY {
+ 8 {fakecolorsetup} COMMONBITMAP
+ } bind def
+/BITMAPGRAYc {
+ 8 {fakecolorsetup} COMMONBITMAPc
+ } bind def
+/ENDBITMAP {
+ } bind def
+end
+%%EndProlog
+%%BeginSetup
+(2.0) FMVERSION
+1 1 612 792 0 1 16 FMDOCUMENT
+/fillprocs 32 array def
+fillprocs 0 { 0.000000 grayness } put
+fillprocs 1 { 0.100000 grayness } put
+fillprocs 2 { 0.300000 grayness } put
+fillprocs 3 { 0.500000 grayness } put
+fillprocs 4 { 0.700000 grayness } put
+fillprocs 5 { 0.900000 grayness } put
+fillprocs 6 { 0.970000 grayness } put
+fillprocs 7 { 1.000000 grayness } put
+fillprocs 8 {<0f87c3e1f0783c1e> 8 1 setpattern } put
+fillprocs 9 {<0f1e3c78f0e1c387> 8 1 setpattern } put
+fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put
+fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put
+fillprocs 12 {<8142241818244281> 8 1 setpattern } put
+fillprocs 13 {<8040201008040201> 8 1 setpattern } put
+fillprocs 14 {<03060c183060c081> 8 1 setpattern } put
+fillprocs 15 {} put
+fillprocs 16 { 1.000000 grayness } put
+fillprocs 17 { 0.900000 grayness } put
+fillprocs 18 { 0.700000 grayness } put
+fillprocs 19 { 0.500000 grayness } put
+fillprocs 20 { 0.300000 grayness } put
+fillprocs 21 { 0.100000 grayness } put
+fillprocs 22 { 0.030000 grayness } put
+fillprocs 23 { 0.000000 grayness } put
+fillprocs 24 {<f0783c1e0f87c3e1> 8 1 setpattern } put
+fillprocs 25 {<f0e1c3870f1e3c78> 8 1 setpattern } put
+fillprocs 26 {<3333333333333333> 8 1 setpattern } put
+fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put
+fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put
+fillprocs 29 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put
+fillprocs 30 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put
+fillprocs 31 {} put
+%%EndSetup
+0 12 /Helvetica-Bold FMDEFINEFONT
+1 12 /Helvetica-BoldOblique FMDEFINEFONT
+%%Page: "-1" 1
+%%BeginPaperSize: Letter
+%%EndPaperSize
+612 792 0 FMBEGINPAGE
+144 144 468 396 R
+7 X
+0 K
+V
+0 F
+0 X
+1.2 (IMPLEMENT) 178.34 388 S
+1.2 (A) 258.88 388 S
+1.2 (TION NOTES ON ) 267.85 388 S
+1 F
+1.2 (bdes) 382.61 388 S
+0 F
+1.2 (\0501\051) 415.4 388 S
+1.2 (Matt Bishop) 265.09 338 S
+1.2 (T) 197.74 288 S
+1.2 (echnical Report PCS-TR91-158) 205.38 288 S
+FMENDPAGE
+%%EndPage: "-1" 2
+%%Page: "0" 2
+612 792 0 FMBEGINPAGE
+72 72 540 720 R
+7 X
+0 K
+V
+FMENDPAGE
+%%EndPage: "0" 3
+0 12 /Times-Roman FMDEFINEFONT
+1 18 /Times-Bold FMDEFINEFONT
+2 18 /Times-BoldItalic FMDEFINEFONT
+3 12 /Times-Italic FMDEFINEFONT
+4 12 /Times-Bold FMDEFINEFONT
+5 10 /Times-Roman FMDEFINEFONT
+6 12 /Courier FMDEFINEFONT
+7 12 /Courier-Oblique FMDEFINEFONT
+8 12 /ZapfDingbats FMDEFINEFONT
+9 12 /Symbol FMDEFINEFONT
+10 12 /Courier-Bold FMDEFINEFONT
+%%Page: "1" 3
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 1 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+1 F
+0 X
+(Implementation Notes on ) 179.84 708 T
+2 F
+(bdes) 378.21 708 T
+1 F
+(\0501\051) 411.19 708 T
+0 F
+( ) 432.17 708 T
+3 F
+(Matt Bishop) 276.51 676 T
+0 F
+(Department of Mathematics and Computer Science) 182.92 656 T
+(Dartmouth College) 259.86 642 T
+(Hanover) 257.45 628 T
+(, NH 03755) 298.26 628 T
+3 F
+(ABSTRACT) 277.68 602 T
+0 F
+0.27 (This note describes the implementation of ) 108 582 P
+3 F
+0.27 (bdes) 314.13 582 P
+0 F
+0.27 (, the \336le encryption program being) 336.12 582 P
+0.36 (distributed in the 4.4 release of the Berkeley Software Distribution. It implements) 108 568 P
+(all modes of the Data Encryption Standard program.) 108 554 T
+4 F
+(1. Intr) 72 528 T
+(oduction) 104.43 528 T
+0 F
+-0.09 (The Data Encryption Standard is a standard endorsed by the federal government. It is con-) 108 504 P
+-0.56 (siderably stronger than the algorithm used by the ) 72 484 P
+5 F
+-0.47 (UNIX) 305.36 484 P
+0 F
+-0.56 (\252 ) 330.34 484 P
+3 F
+-0.56 (crypt) 344.53 484 P
+0 F
+-0.56 (\0501\051 program, and therefore is a more) 369.18 484 P
+0.11 (suitable candidate for protecting information, especially information contained in ) 72 464 P
+5 F
+0.09 (ASCII) 466.05 464 P
+0 F
+0.11 ( \336les. The) 492.14 464 P
+-0.65 (program ) 72 444 P
+3 F
+-0.65 (bdes) 114.99 444 P
+0 F
+-0.65 (\0501\051 implements the DES and all of its modes, including the two authentication modes.) 136.97 444 P
+-0.59 (Because others may wish to write software compatible with this program, this note presents) 108 420 P
+-0.04 (the layout of the encrypted \336les produced by ) 72 400 P
+3 F
+-0.04 (bdes) 288.86 400 P
+0 F
+-0.04 ( as well as internal details relevant to the imple-) 310.85 400 P
+-0.15 (mentation. Whereever possible and appropriate, the description of the ) 72 380 P
+3 F
+-0.15 (des) 408.04 380 P
+0 F
+-0.15 (\0501\051 program given in [4]) 424.03 380 P
+-0.2 (has been followed; thus, ) 72 360 P
+3 F
+-0.2 (bdes) 190.77 360 P
+0 F
+-0.2 ( is completely compatible with that program. However) 212.75 360 P
+-0.2 (, ) 473.33 360 P
+3 F
+-0.2 (bdes) 479.12 360 P
+0 F
+-0.2 ( also of-) 501.11 360 P
+(fers several extensions to ) 72 340 T
+3 F
+(des) 195.9 340 T
+0 F
+( that are not compatible, and these will be explicitly pointed out.) 211.89 340 T
+-0.14 (In this note, strings typed as shown will be in ) 108 316 P
+6 F
+-0.34 (Courier Roman font) 326.78 316 P
+0 F
+-0.14 (, and strings to be) 455.62 316 P
+-0.42 (chosen by the user will be in ) 72 296 P
+7 F
+-1 (Courier Oblique font) 209.32 296 P
+0 F
+-0.42 (. The space character \050) 351.24 296 P
+5 F
+-0.35 (ASCII) 457.79 296 P
+0 F
+-0.42 ( <) 483.88 296 P
+5 F
+-0.35 (SP) 493.23 296 P
+0 F
+-0.42 (>, octal) 504.34 296 P
+-0.43 (40, decimal 32, hex 20\051 will be represented as \322) 72 276 P
+8 F
+-0.47 (z) 296.98 276 P
+0 F
+-0.43 (\323 and the newline character \050) 301.96 276 P
+5 F
+-0.35 (ASCII) 438.03 276 P
+0 F
+-0.43 ( <) 464.13 276 P
+5 F
+-0.35 (NL) 473.46 276 P
+0 F
+-0.43 (>, octal 12,) 486.79 276 P
+-0.05 (decimal 10, hex a\051 as \322) 72 256 P
+9 F
+-0.05 (\277) 181.65 256 P
+0 F
+-0.05 (\323. Because it is often more convenient to represent arbitrary characters as) 189.54 256 P
+1.13 (a sequence of hexadecimal digits, that representation will often be used; these digits will be in) 72 236 P
+10 F
+(Courier Bold font) 72 216 T
+0 F
+( with spaces often inserted for readability) 194.33 216 T
+(.) 392.07 216 T
+4 F
+(2. Overview and Use) 72 184 T
+3 F
+-0.39 (Bdes) 108 160 P
+0 F
+-0.39 ( implements the Data Encryption Standard algorithm in software, and enables the user) 131.32 160 P
+-0.61 (to encrypt data using any of the four modes of operation of the DES \050Electronic Code Book, Cipher) 72 140 P
+72 72 540 720 C
+72 72 540 117 C
+72 72 549 108 R
+7 X
+0 K
+V
+5 F
+0 X
+(This work is based on work funded by grant NAG2-680 from the National
+Aeronautics and Space Administration to ) 72 101.33 T
+(Dartmouth College.) 72 89.33 T
+(UNIX is a Registered T) 72 77.33 T
+(rademark of A) 166.58 77.33 T
+(T&T Bell Laboratories.) 223.75 77.33 T
+72 72 540 720 C
+0 0 612 792 C
+72 126 225 126 2 L
+7 X
+0 K
+V
+0.5 H
+2 Z
+0 X
+N
+FMENDPAGE
+%%EndPage: "1" 4
+%%Page: "2" 4
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 2 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+0.31 (Block Chaining, ) 72 712 P
+3 F
+0.31 (k) 154.25 712 P
+0 F
+0.31 (-bit Cipher Feed Back, and ) 159.58 712 P
+3 F
+0.31 (k) 293.71 712 P
+0 F
+0.31 (-bit Output Feed Back\051 as well as the Alternate ) 299.04 712 P
+3 F
+0.31 (k) 530.68 712 P
+0 F
+0.31 (-) 536.01 712 P
+-0.04 (bit Cipher Feed Back mode. Further) 72 692 P
+-0.04 (, ) 244.52 692 P
+3 F
+-0.04 (bdes) 250.48 692 P
+0 F
+-0.04 ( supports message authentication code generation based) 272.46 692 P
+(on both the Cipher Block Chaining mode and the ) 72 672 T
+3 F
+(k) 310.86 672 T
+0 F
+(-bit Cipher Feed Back mode.) 316.19 672 T
+0.07 (By default, ) 108 648 P
+3 F
+0.07 (bdes) 164.43 648 P
+0 F
+0.07 ( encrypts an input \336le using Cipher Block Chaining mode, and is invoked) 186.41 648 P
+-0.4 (as a \336lter) 72 628 P
+-0.4 (. The key may be speci\336ed either on the command line or may be typed to the prompt. So,) 114.51 628 P
+(if the input \336le ) 72 608 T
+7 F
+(inputf) 145.96 608 T
+(ile) 189.14 608 T
+0 F
+( contains the message) 210.73 608 T
+6 F
+(a) 253.9 584 T
+8 F
+(z) 261.1 584 T
+6 F
+(test) 266.07 584 T
+8 F
+(z) 294.86 584 T
+6 F
+(message) 299.83 584 T
+9 F
+(\277) 350.21 584 T
+0 F
+(then the following command encrypts it using the key ) 72 560 T
+6 F
+(abcdefgh) 333.5 560 T
+0 F
+(:) 391.07 560 T
+6 F
+(bdes -k abcdefgh < ) 158.48 536 T
+7 F
+(inputf) 295.21 536 T
+(ile) 338.38 536 T
+6 F
+( > ) 359.97 536 T
+7 F
+(outputf) 381.56 536 T
+(ile) 431.93 536 T
+0 F
+(The option ) 72 512 T
+4 F
+(-k) 127.3 512 T
+0 F
+( indicates the next ar) 137.96 512 T
+(gument is the key) 237.01 512 T
+(. Now ) 321.17 512 T
+7 F
+(outputf) 353.48 512 T
+(ile) 403.86 512 T
+0 F
+( contains) 425.45 512 T
+10 F
+(16 0e eb af 68 a0 d0 19 f1 a2 9b 31 0d 8a 01 c3) 136.89 488 T
+0 F
+0.06 (Other modes are speci\336ed using command-line options, as is control of the way the key is) 108 464 P
+(interpreted. The next sections contain several examples, and the Appendix has the manual page.) 72 444 T
+4 F
+(3. Keys and Parity) 72 412 T
+0 F
+0.58 (The key consists of 64 bits, and may be presented in any of hex, binary) 108 388 P
+0.58 (, or as a string of) 456.48 388 P
+5 F
+0.12 (ASCII) 72 368 P
+0 F
+0.14 ( characters. If the key is given in hex or binary) 98.1 368 P
+0.14 (, it is used as is with no changes. However) 322.21 368 P
+0.14 (, if) 526.53 368 P
+-0.27 (the key is given in ) 72 348 P
+5 F
+-0.23 (ASCII) 161.59 348 P
+0 F
+-0.27 (, a delicate problem arises: by convention, the parity bit is usually set to 0.) 187.69 348 P
+-0.47 (This high-order bit is generally ignored by applications; but the DES
+does not do so. Instead, it dis-) 72 328 P
+-0.14 (cards the low-order bit, ef) 72 308 P
+-0.14 (fectively reducing the size of the space of possible keys from 2) 195.44 308 P
+5 F
+-0.12 (56) 495.97 312.8 P
+0 F
+-0.14 ( to 2) 505.97 308 P
+5 F
+-0.12 (48) 527.01 312.8 P
+0 F
+-0.14 (.) 537 308 P
+-0.46 ( T) 108 284 P
+-0.46 (o preserve the size of the key space, the value of the parity bit must be related to the value) 117.03 284 P
+-0.09 (in the low-order bit, so the program sets the high-order bit to make each character in the key be of) 72 264 P
+-0.7 (odd parity) 72 244 P
+-0.7 (. \050Note that the initial value of the parity bit is ) 119.49 244 P
+3 F
+-0.7 (not) 334.99 244 P
+0 F
+-0.7 ( used in this computation.\051 For example,) 350.31 244 P
+(if the key is ) 72 224 T
+6 F
+(abcdefgh) 131.29 224 T
+0 F
+(, the actual key bits used are determined as follows:) 188.86 224 T
+5 F
+(ASCII) 99 200 T
+0 F
+( key) 125.1 200 T
+6 F
+(a) 243 200 T
+(b) 279 200 T
+(c) 315 200 T
+(d) 351 200 T
+(e) 387 200 T
+(f) 423 200 T
+(g) 459 200 T
+(h) 495 200 T
+5 F
+(ASCII) 99 180 T
+0 F
+( key bits \050hex\051) 125.1 180 T
+10 F
+(61) 243 180 T
+(62) 279 180 T
+(63) 315 180 T
+(64) 351 180 T
+(65) 387 180 T
+(66) 423 180 T
+(67) 459 180 T
+(68) 495 180 T
+0 F
+(parity) 99 160 T
+(odd) 243 160 T
+(odd) 279 160 T
+(even) 315 160 T
+(odd) 351 160 T
+(even) 387 160 T
+(even) 423 160 T
+(odd) 459 160 T
+(odd) 495 160 T
+(key bits used \050hex\051) 99 140 T
+10 F
+(61) 243 140 T
+(62) 279 140 T
+(e3) 315 140 T
+(64) 351 140 T
+(e5) 387 140 T
+(e6) 423 140 T
+(67) 459 140 T
+(68) 495 140 T
+0 F
+0.18 (This convention \050as opposed to requiring even parity) 108 120 P
+0.18 (, or simply copying the low-order bit) 362 120 P
+-0.41 (to the high-order bit\051 was chosen to provide compatibility with the encryption program ) 72 100 P
+3 F
+-0.41 (des) 486.77 100 P
+0 F
+-0.41 ( distrib-) 502.76 100 P
+-0.52 (uted by Sun Microsystems, Inc. [4]. Whether the key is entered on the command line or on the key-) 72 80 P
+FMENDPAGE
+%%EndPage: "2" 5
+%%Page: "3" 5
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 3 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+1.89 (board, by default it is processed into the same key schedule generated by Sun\325) 72 712 P
+1.89 (s ) 471.02 712 P
+3 F
+1.89 (des) 480.58 712 P
+0 F
+1.89 (, so \336les) 496.56 712 P
+(encrypted on a Sun can be decrypted using ) 72 692 T
+3 F
+(bdes) 280.51 692 T
+0 F
+( \050and vice versa\051.) 302.49 692 T
+-0.3 (If the user does not wish to use the Sun convention, the option \320) 108 668 P
+4 F
+-0.3 (p) 411.9 668 P
+0 F
+-0.3 ( will disable the parity bit) 418.57 668 P
+-0.62 (changing; with it, the parity bit is that of the character typed. This
+is useful when the key is a known) 72 648 P
+5 F
+(ASCII) 72 628 T
+0 F
+( string and the \336le was encrypted on a system which does not alter parity bits.) 98.1 628 T
+-0.24 (A key may be represented as a bit vector) 108 604 P
+-0.24 (, rather than an ) 300.74 604 P
+5 F
+-0.2 (ASCII) 374.7 604 P
+0 F
+-0.24 ( string, in one of two ways. It) 400.8 604 P
+0.19 (may be represented as a string of up to 16 hexadecimal digits; if fewer than 16 are given, the key) 72 584 P
+0.16 (is right \336lled with 0 bits. Or) 72 564 P
+0.16 (, it may be represented as a string of up to 64 binary digits, and again) 206.11 564 P
+0.15 (if fewer than 64 are given, the key is right-\336lled with 0 bits. Bit
+vector keys must be given on the) 72 544 P
+0.51 (command line, and must begin with the characters ) 72 524 P
+6 F
+1.24 (0x) 320.28 524 P
+0 F
+0.51 ( or ) 334.67 524 P
+6 F
+1.24 (0X) 351.69 524 P
+0 F
+0.51 ( \050for hexadecimal\051 or ) 366.08 524 P
+6 F
+1.24 (0b) 472.71 524 P
+0 F
+0.51 ( or ) 487.1 524 P
+6 F
+1.24 (0B) 504.12 524 P
+0 F
+0.51 ( \050for) 518.51 524 P
+(binary\051. For example, all of the following strings generate the same key schedule:) 72 504 T
+5 F
+(ASCII) 72 480 T
+0 F
+( key) 98.1 480 T
+6 F
+(abcdefgh) 180 480 T
+0 F
+(hexadecimal key) 72 460 T
+6 F
+(0x6162e364e5e66768) 180 460 T
+0 F
+(binary key) 72 440 T
+6 F
+(0b0110000101100010111000110110100011100101111000-) 180 440 T
+(1100110011101101000) 180 420 T
+0 F
+-0.14 ( Note that giving the key on the command line as ) 108 396 P
+6 F
+-0.34 (0x6162636465666768) 345.27 396 P
+0 F
+-0.14 ( will ) 474.8 396 P
+3 F
+-0.14 (not) 499.17 396 P
+0 F
+-0.14 ( reset) 514.5 396 P
+0.25 (the parity bits, because it is interpreted as a sequence of hex digits, not ) 72 376 P
+5 F
+0.21 (ASCII) 416.58 376 P
+0 F
+0.25 ( characters. The dif-) 442.68 376 P
+0.69 (ference in interpretation is that here the user can specify all bits of the key exactly) 72 356 P
+0.69 (, whereas \050on) 474.34 356 P
+0.25 (most terminals\051 it is not possible to control how the parity bit of ) 72 336 P
+5 F
+0.21 (ASCII) 384.76 336 P
+0 F
+0.25 ( characters is set. On some) 410.85 336 P
+0.36 (systems, it is possible to use a \322Meta\323 key to set the parity bit for an ) 72 316 P
+5 F
+0.3 (ASCII) 407.23 316 P
+0 F
+0.36 ( character; should this) 433.33 316 P
+-0.3 (be the case and the user desire ) 72 296 P
+3 F
+-0.3 (bdes) 218.09 296 P
+0 F
+-0.3 ( not to reset the parity bit, the option ) 240.07 296 P
+4 F
+-0.3 (\320p) 415.25 296 P
+0 F
+-0.3 ( will force the parity bit) 427.92 296 P
+(to be used as typed.) 72 276 T
+4 F
+(4. Encryption Output Repr) 72 244 T
+(esentation) 211.05 244 T
+0 F
+0.01 (All modes of the DES output ciphertext in blocks; the size of the block is 64 bits \0508 bytes\051) 108 220 P
+-0.25 (for ECB and CBC modes, and ) 72 200 P
+3 F
+-0.25 (k) 218.74 200 P
+0 F
+-0.25 ( bits for the ) 224.07 200 P
+3 F
+-0.25 (k) 281.02 200 P
+0 F
+-0.25 (-bit CFB and OFB modes, and there are as many out-) 286.35 200 P
+-0.5 (put blocks as input blocks. However) 72 180 P
+-0.5 (, as the length of the input is usually not a multiple of the block) 243.55 180 P
+-0.35 (size, some padding is necessary; but as padding must be done by appending characters, these char-) 72 160 P
+0.29 (acters must be distinguished from the input characters somehow) 72 140 P
+0.29 (. The mechanism used is that the) 381.35 140 P
+0.31 (last character of the \050decrypted\051 last block is the
+\050integer\051 number of characters from the input in) 72 120 P
+(the last block.) 72 100 T
+FMENDPAGE
+%%EndPage: "3" 6
+%%Page: "4" 6
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 4 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+-0.59 (For example, suppose ) 108 712 P
+7 F
+-1.41 (inputf) 214.16 712 P
+-1.41 (ile) 257.34 712 P
+0 F
+-0.59 ( contains \322) 278.93 712 P
+6 F
+-1.41 (This) 329.04 712 P
+8 F
+-0.65 (z) 357.83 712 P
+6 F
+-1.41 (is) 362.8 712 P
+8 F
+-0.65 (z) 377.2 712 P
+6 F
+-1.41 (a) 382.17 712 P
+8 F
+-0.65 (z) 389.37 712 P
+6 F
+-1.41 (test) 394.35 712 P
+9 F
+-0.59 (\277) 423.13 712 P
+0 F
+-0.59 (\323, and it is encrypted in) 431.02 712 P
+(CBC mode using the key \322) 72 692 T
+6 F
+(abcdef#@) 200.93 692 T
+0 F
+(\323 and the initialization vector ) 258.5 692 T
+6 F
+(0x0) 401.4 692 T
+0 F
+(; the command is) 422.99 692 T
+6 F
+(bdes -k abcdef#@ < ) 158.48 668 T
+7 F
+(inputf) 295.21 668 T
+(ile) 338.38 668 T
+6 F
+( > ) 359.97 668 T
+7 F
+(outputf) 381.56 668 T
+(ile) 431.93 668 T
+0 F
+(as CBC is the default encryption mode and ) 72 644 T
+6 F
+(0x0) 281.2 644 T
+0 F
+( the default initialization vector:) 302.79 644 T
+(text) 72 620 T
+6 F
+(T) 117 620 T
+(h) 144 620 T
+(i) 171 620 T
+(s) 198 620 T
+8 F
+(z) 225 620 T
+6 F
+(i) 252 620 T
+(s) 279 620 T
+8 F
+(z) 306 620 T
+6 F
+(a) 333 620 T
+8 F
+(z) 360 620 T
+6 F
+(t) 387 620 T
+(e) 414 620 T
+(s) 441 620 T
+(t) 468 620 T
+9 F
+(\277) 495 620 T
+0 F
+(hex) 72 600 T
+10 F
+(54) 117 600 T
+(68) 144 600 T
+(69) 171 600 T
+(73) 198 600 T
+(20) 225 600 T
+(69) 252 600 T
+(73) 279 600 T
+(20) 306 600 T
+(61) 333 600 T
+(20) 360 600 T
+(74) 387 600 T
+(65) 414 600 T
+(73) 441 600 T
+(74) 468 600 T
+(0a) 495 600 T
+0 F
+(input) 72 580 T
+10 F
+(54) 117 580 T
+(68) 144 580 T
+(69) 171 580 T
+(73) 198 580 T
+(20) 225 580 T
+(69) 252 580 T
+(73) 279 580 T
+(20) 306 580 T
+(61) 333 580 T
+(20) 360 580 T
+(74) 387 580 T
+(65) 414 580 T
+(73) 441 580 T
+(74) 468 580 T
+(0a) 495 580 T
+(07) 522 580 T
+0 F
+(output) 72 560 T
+10 F
+(a5) 117 560 T
+(5f) 144 560 T
+(81) 171 560 T
+(53) 198 560 T
+(51) 225 560 T
+(98) 252 560 T
+(47) 279 560 T
+(02) 306 560 T
+(db) 333 560 T
+(5a) 360 560 T
+(c5) 387 560 T
+(fe) 414 560 T
+(50) 441 560 T
+(3d) 468 560 T
+(40) 495 560 T
+(ce) 522 560 T
+0 F
+0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 540 P
+3 F
+0.22 (Bdes) 72 520 P
+0 F
+0.22 ( pads this to a full block by appending one byte containing the ) 95.32 520 P
+5 F
+0.19 (ASCII) 399.67 520 P
+0 F
+0.22 ( character with numeric) 425.77 520 P
+(value 7 \050the ) 72 500 T
+5 F
+(ASCII) 131.62 500 T
+0 F
+( character <) 157.71 500 T
+5 F
+(BEL) 214.42 500 T
+0 F
+(>\051. The result is then encrypted.) 233.3 500 T
+0.44 (As another example, suppose ) 108 476 P
+7 F
+1.07 (inputf) 253.34 476 P
+1.07 (ile) 296.52 476 P
+0 F
+0.44 ( contains \322) 318.11 476 P
+6 F
+1.07 (test) 370.29 476 P
+0 F
+0.44 (\323, and it is encrypted in ECB) 399.08 476 P
+(mode using the key \322) 72 456 T
+6 F
+(abcdef#@) 173.93 456 T
+0 F
+(\323; the command is) 231.5 456 T
+6 F
+(bdes -b \320k abcdef#@ < ) 147.69 432 T
+7 F
+(inputf) 306 432 T
+(ile) 349.18 432 T
+6 F
+( > ) 370.76 432 T
+7 F
+(outputf) 392.35 432 T
+(ile) 442.73 432 T
+0 F
+(because the option ) 72 408 T
+4 F
+(\320b) 164.26 408 T
+0 F
+( signi\336es ECB mode:) 176.93 408 T
+(text) 72 384 T
+6 F
+(t) 144 384 T
+(e) 171 384 T
+(s) 198 384 T
+(t) 225 384 T
+0 F
+(hex) 72 364 T
+10 F
+(74) 144 364 T
+(65) 171 364 T
+(73) 198 364 T
+(74) 225 364 T
+0 F
+(input) 72 344 T
+10 F
+(74) 144 344 T
+(65) 171 344 T
+(73) 198 344 T
+(74) 225 344 T
+(00) 252 344 T
+(00) 279 344 T
+(00) 306 344 T
+(04) 333 344 T
+0 F
+(output) 72 324 T
+10 F
+(0d) 144 324 T
+(8a) 171 324 T
+(6e) 198 324 T
+(57) 225 324 T
+(9c) 252 324 T
+(8f) 279 324 T
+(27) 306 324 T
+(5d) 333 324 T
+0 F
+-0.31 (Finally) 108 304 P
+-0.31 (, if the length of the message is indeed a multiple of the block size, an extra block of) 141.21 304 P
+0.83 (all 0 bits is added. Suppose ) 72 284 P
+7 F
+1.99 (inputf) 210.57 284 P
+1.99 (ile) 253.74 284 P
+0 F
+0.83 ( contains \322) 275.33 284 P
+6 F
+1.99 (test) 328.28 284 P
+9 F
+0.83 (\277) 357.07 284 P
+0 F
+0.83 (\323, and it is encrypted in 40-bit CFB) 364.96 284 P
+1.51 (mode using the key \322) 72 264 P
+6 F
+3.62 (abcdef#@) 179.96 264 P
+0 F
+1.51 (\323 and the initialization vector ) 237.53 264 P
+6 F
+3.62 (0x0123456789abcdef) 387.97 264 P
+0 F
+1.51 (; the) 517.5 264 P
+(command is) 72 244 T
+6 F
+-0.99 (bdes -f40 -v0x0123456789abcdef -kabcdef#@ < ) 72 220 P
+7 F
+-0.99 (inputf) 383.67 220 P
+-0.99 (ile) 426.85 220 P
+6 F
+-0.99 ( > ) 448.43 220 P
+7 F
+-0.99 (outputf) 468.04 220 P
+-0.99 (ile) 518.41 220 P
+0 F
+0.16 (because the option ) 72 196 P
+4 F
+0.16 (\320f40 ) 164.75 196 P
+0 F
+0.16 (signi\336es 40-bit CFB mode, and ) 189.89 196 P
+4 F
+0.16 (-v0x01234566789abcdef) 343.96 196 P
+0 F
+0.16 ( sets the initial-) 465.89 196 P
+(ization vector \050note that spaces between the option and its ar) 72 176 T
+(gument are optional\051:) 361.57 176 T
+(text) 72 152 T
+6 F
+(t) 144 152 T
+(e) 171 152 T
+(s) 198 152 T
+(t) 225 152 T
+9 F
+(\277) 252 152 T
+0 F
+(hex) 72 132 T
+10 F
+(74) 144 132 T
+(65) 171 132 T
+(73) 198 132 T
+(74) 225 132 T
+(0a) 252 132 T
+0 F
+(input) 72 112 T
+10 F
+(74) 144 112 T
+(65) 171 112 T
+(73) 198 112 T
+(74) 225 112 T
+(0a) 252 112 T
+(00) 279 112 T
+(00) 306 112 T
+(00) 333 112 T
+(00) 360 112 T
+(00) 387 112 T
+0 F
+(output) 72 92 T
+10 F
+(e2) 144 92 T
+(c2) 171 92 T
+(69) 198 92 T
+(a4) 225 92 T
+(5b) 252 92 T
+(3c) 279 92 T
+(3d) 306 92 T
+(b3) 333 92 T
+(f5) 360 92 T
+(3c) 387 92 T
+FMENDPAGE
+%%EndPage: "4" 7
+1 12 /Times-BoldItalic FMDEFINEFONT
+2 14 /Symbol FMDEFINEFONT
+%%Page: "5" 7
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 5 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+(Note here the block size is 40 bits \0505 bytes\051, not 64 bits \0508 bytes\051.) 108 712 T
+-0.4 (This technique allows complete compatibility with Sun\325) 108 688 P
+-0.4 (s ) 374.11 688 P
+3 F
+-0.4 (des) 381.37 688 P
+0 F
+-0.4 ( program. In Sun\325) 397.36 688 P
+-0.4 (s implemen-) 480.77 688 P
+0.02 (tation, padding is done with random bytes rather than bytes containing all zero bits. Cryptograph-) 72 668 P
+0.85 (ically) 72 648 P
+0.85 (, this makes no dif) 97.87 648 P
+0.85 (ference, as the DES is a suf) 189.32 648 P
+0.85 (\336ciently good random cipher to obscure the) 325.74 648 P
+(input \050see for example [2], Chapter 6\051, and known plaintext attacks are very dif) 72 628 T
+(\336cult [1].) 451.82 628 T
+4 F
+(5. Differ) 72 596 T
+(ences Between the Standard CFB and OFB Modes and ) 114.41 596 T
+1 F
+(bdes) 397.26 596 T
+0 F
+-0.11 (The UNIX operating system treats all \336les as streams of 8-bit bytes. In order to implement) 108 572 P
+-0.08 (the CFB and OFB modes properly) 72 552 P
+-0.08 (, it would be necessary to read ) 235.74 552 P
+3 F
+-0.08 (k) 383.74 552 P
+0 F
+-0.08 ( bits from the \336le, where ) 389.07 552 P
+3 F
+-0.08 (k) 509.51 552 P
+0 F
+-0.08 ( is an) 514.84 552 P
+0.98 (integer between 1 and 64 inclusive. However) 72 532 P
+0.98 (, this would require considerable buf) 294.22 532 P
+0.98 (fering and be) 474.77 532 P
+0.23 (quite inef) 72 512 P
+0.23 (\336cient and prohibitively slow) 117.65 512 P
+0.23 (. For these reasons, the current implementation of ) 258.48 512 P
+3 F
+0.23 (bdes) 501.48 512 P
+0 F
+0.23 ( re-) 523.46 512 P
+0.47 (quires that ) 72 492 P
+3 F
+0.47 (k) 126.23 492 P
+0 F
+0.47 ( be a multiple of 8, so that an integral number of bytes will always be read from the) 131.56 492 P
+(\336le. Other than this change, this mode is implemented as described in [3].) 72 472 T
+-0.58 (A similar observation holds for the alternate CFB mode described in [3]. Here, only the low) 108 448 P
+0.23 (7 bits of each byte are signi\336cant, and hence the parameter ) 72 428 P
+3 F
+0.23 (k) 358.95 428 P
+0 F
+0.23 ( is an integer from 1 to 56 inclusive;) 364.28 428 P
+(bdes requires k to be a multiple of 7. The high-order bit is retained for encryption and decryption,) 72 408 T
+(but output \050whether from encryption or decryption\051 always has the high-order bit set to zero.) 72 388 T
+4 F
+(6. Message Authentication Code Modes) 72 356 T
+0 F
+0.57 (The Data Encryption Standard provides two modes of authentication, each providing be-) 108 332 P
+1.27 (tween 1 and 64 bits of authentication data. In both cases an ) 72 312 P
+3 F
+1.27 (n) 373.32 312 P
+0 F
+1.27 (-bit message authentication code) 379.32 312 P
+0.62 (\050MAC\051 is generated, where 1) 72 292 P
+2 F
+0.73 ( ) 214.71 292 P
+9 F
+0.62 (\243) 218.94 292 P
+0 F
+0.62 ( ) 225.52 292 P
+3 F
+0.62 (n) 229.15 292 P
+0 F
+0.62 ( ) 235.14 292 P
+9 F
+0.62 (\243) 238.76 292 P
+0 F
+0.62 ( 64. The \336rst is based on the CBC encryption mode, and the) 245.35 292 P
+(second on CFB mode. Both work the same.) 72 272 T
+0.13 (First, the \336le is padded to a multiple of the block size by appending enough zero bits. It is) 108 248 P
+-0.16 (then encrypted using the standard CBC \050or CFB\051 algorithm, but
+all encrypted text is discarded ex-) 72 228 P
+-0.44 (cept for the last block. The ) 72 208 P
+3 F
+-0.44 (n) 200.9 208 P
+0 F
+-0.44 ( leading bits of the last block are used as the MAC. Note that the block) 206.9 208 P
+(size constrains the number of bits available as the MAC.) 72 188 T
+0.71 (The implementation allows the user to specify that the MAC is to be computed in either) 108 164 P
+-0.01 (CBC or CFB mode, and the user can specify any number of bits from 1 to 64 inclusive. However) 72 144 P
+-0.01 (,) 537 144 P
+-0.11 (because the UNIX operating system can only output bits in multiples of 8, if the number of bits of) 72 124 P
+-0.08 (MAC is not a multiple of 8, the MAC will be right-padded with the minimum number of zero bits) 72 104 P
+-0.31 (necessary to make the MAC length be a multiple of 8. However) 72 84 P
+-0.31 (, note that as the standard \050[3], Ap-) 374.6 84 P
+FMENDPAGE
+%%EndPage: "5" 8
+%%Page: "6" 8
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 6 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+-0.14 (pendix F\051 requires an incomplete \336nal block be right-padded with
+zeroes, the technique of forcing) 72 712 P
+(the last octet to contain the number of bytes in the message is ) 72 692 T
+3 F
+(not) 369.47 692 T
+0 F
+( used here.) 384.8 692 T
+-0.39 (For example, suppose ) 108 668 P
+7 F
+-0.94 (inputf) 214.76 668 P
+-0.94 (ile) 257.93 668 P
+0 F
+-0.39 ( contains \322) 279.52 668 P
+6 F
+-0.94 (This) 330.04 668 P
+8 F
+-0.43 (z) 358.82 668 P
+6 F
+-0.94 (is) 363.8 668 P
+8 F
+-0.43 (z) 378.19 668 P
+6 F
+-0.94 (a) 383.17 668 P
+8 F
+-0.43 (z) 390.36 668 P
+6 F
+-0.94 (test) 395.34 668 P
+9 F
+-0.39 (\277) 424.13 668 P
+0 F
+-0.39 (\323, and a 64-bit MAC is) 432.02 668 P
+-0.73 (to be generated using CBC mode, the key \322) 72 648 P
+6 F
+-1.74 (abcdef#@) 274.39 648 P
+0 F
+-0.73 (\323 and the initialization vector ) 331.96 648 P
+6 F
+-1.74 (0x0) 471.23 648 P
+0 F
+-0.73 (; the com-) 492.82 648 P
+(mand is) 72 628 T
+6 F
+(bdes -m 64 -k abcdef#@ < ) 136.89 604 T
+7 F
+(inputf) 316.79 604 T
+(ile) 359.97 604 T
+6 F
+( > ) 381.56 604 T
+7 F
+(outputf) 403.15 604 T
+(ile) 453.52 604 T
+0 F
+(as CBC is the default encryption mode and ) 72 580 T
+6 F
+(0x0) 281.2 580 T
+0 F
+( the default initialization vector:) 302.79 580 T
+(text) 72 556 T
+6 F
+(T) 117 556 T
+(h) 144 556 T
+(i) 171 556 T
+(s) 198 556 T
+8 F
+(z) 225 556 T
+6 F
+(i) 252 556 T
+(s) 279 556 T
+8 F
+(z) 306 556 T
+6 F
+(a) 333 556 T
+8 F
+(z) 360 556 T
+6 F
+(t) 387 556 T
+(e) 414 556 T
+(s) 441 556 T
+(t) 468 556 T
+9 F
+(\277) 495 556 T
+0 F
+(hex) 72 536 T
+10 F
+(54) 117 536 T
+(68) 144 536 T
+(69) 171 536 T
+(73) 198 536 T
+(20) 225 536 T
+(69) 252 536 T
+(73) 279 536 T
+(20) 306 536 T
+(61) 333 536 T
+(20) 360 536 T
+(74) 387 536 T
+(65) 414 536 T
+(73) 441 536 T
+(74) 468 536 T
+(0a) 495 536 T
+0 F
+(input) 72 516 T
+10 F
+(54) 117 516 T
+(68) 144 516 T
+(69) 171 516 T
+(73) 198 516 T
+(20) 225 516 T
+(69) 252 516 T
+(73) 279 516 T
+(20) 306 516 T
+(61) 333 516 T
+(20) 360 516 T
+(74) 387 516 T
+(65) 414 516 T
+(73) 441 516 T
+(74) 468 516 T
+(0a) 495 516 T
+(00) 522 516 T
+0 F
+(output) 72 496 T
+10 F
+(43) 117 496 T
+(18) 144 496 T
+(de) 171 496 T
+(74) 198 496 T
+(24) 225 496 T
+(a9) 252 496 T
+(65) 279 496 T
+(d1) 306 496 T
+0 F
+0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 476 P
+3 F
+(Bdes) 72 456 T
+0 F
+( pads this to a full block by appending a zero-\336lled byte. The result is then encrypted and the) 95.32 456 T
+(last block of output is used as the MAC.) 72 436 T
+0.06 (As another example, suppose we used the same text, and wanted a 36-bit MAC to be gen-) 108 412 P
+6.91 (erated using 40-bit CFB mode, the key \322) 72 392 P
+6 F
+16.58 (abcdef#@) 314.9 392 P
+0 F
+6.91 (\323 and the initialization vector) 372.47 392 P
+6 F
+(0x0123456789abcdef) 72 372 T
+0 F
+(; the command is) 201.53 372 T
+6 F
+(bdes -m 36 -f 40 -v 0x0123456789abcdef < ) 79.32 348 T
+7 F
+(inputf) 374.36 348 T
+(ile) 417.54 348 T
+6 F
+( > ) 439.13 348 T
+7 F
+(outputf) 460.71 348 T
+(ile) 511.09 348 T
+0 F
+-0.19 (where ) 72 324 P
+4 F
+-0.19 (\320m 36) 104.11 324 P
+0 F
+-0.19 ( is the option to generate a 36-bit MAC, ) 134.91 324 P
+4 F
+-0.19 (\320f 40) 327.79 324 P
+0 F
+-0.19 ( indicates 40-bit CFB is to be used, and) 352.58 324 P
+4 F
+-0.31 (\320v 0x123456789abcdef) 72 304 P
+0 F
+-0.31 ( sets the initialization vector) 186.62 304 P
+-0.31 (. Note that, as the key is not given on the com-) 319.95 304 P
+(mand line, the user will be prompted for it. It gives:) 72 284 T
+(text) 72 260 T
+6 F
+(T) 117 260 T
+(h) 144 260 T
+(i) 171 260 T
+(s) 198 260 T
+8 F
+(z) 225 260 T
+6 F
+(i) 252 260 T
+(s) 279 260 T
+8 F
+(z) 306 260 T
+6 F
+(a) 333 260 T
+8 F
+(z) 360 260 T
+6 F
+(t) 387 260 T
+(e) 414 260 T
+(s) 441 260 T
+(t) 468 260 T
+9 F
+(\277) 495 260 T
+0 F
+(hex) 72 240 T
+10 F
+(54) 117 240 T
+(68) 144 240 T
+(69) 171 240 T
+(73) 198 240 T
+(20) 225 240 T
+(69) 252 240 T
+(73) 279 240 T
+(20) 306 240 T
+(61) 333 240 T
+(20) 360 240 T
+(74) 387 240 T
+(65) 414 240 T
+(73) 441 240 T
+(74) 468 240 T
+(0a) 495 240 T
+0 F
+(input) 72 220 T
+10 F
+(54) 117 220 T
+(68) 144 220 T
+(69) 171 220 T
+(73) 198 220 T
+(20) 225 220 T
+(69) 252 220 T
+(73) 279 220 T
+(20) 306 220 T
+(61) 333 220 T
+(20) 360 220 T
+(74) 387 220 T
+(65) 414 220 T
+(73) 441 220 T
+(74) 468 220 T
+(0a) 495 220 T
+0 F
+(output) 72 200 T
+10 F
+(2b) 117 200 T
+(18) 144 200 T
+(68) 171 200 T
+(2d) 198 200 T
+(60) 225 200 T
+0 F
+0.19 (Note that the MAC is padded on the right by four zero bits to produce \336ve characters that) 108 180 P
+(can be output.) 72 160 T
+4 F
+(7. Differ) 72 128 T
+(ences Between ) 114.41 128 T
+1 F
+(bdes) 191.01 128 T
+4 F
+( and Sun\325) 212.99 128 T
+(s DES Implementation) 261.88 128 T
+0 F
+0.02 (The program ) 108 104 P
+3 F
+0.02 (bdes) 173.33 104 P
+0 F
+0.02 ( is designed to be completely compatible with Sun Microsystems, Inc.\325) 195.31 104 P
+0.02 (s) 535.33 104 P
+0.57 (implementation of the Data Encryption Standard, called ) 72 84 P
+3 F
+0.57 (des) 347.14 84 P
+0 F
+0.57 ( and described in [4]. Thus, \336les en-) 363.13 84 P
+FMENDPAGE
+%%EndPage: "6" 9
+%%Page: "7" 9
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 7 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+0.44 (crypted using ) 72 712 P
+3 F
+0.44 (des) 140.84 712 P
+0 F
+0.44 ( can be decrypted using ) 156.83 712 P
+3 F
+0.44 (bdes) 275.29 712 P
+0 F
+0.44 (, and vice versa, provided modes common to both) 297.27 712 P
+-0.34 (are used. However) 72 692 P
+-0.34 (, ) 160.41 692 P
+3 F
+-0.34 (bdes) 166.06 692 P
+0 F
+-0.34 ( does not allow \336les to be named on the command line, nor does it support) 188.05 692 P
+-0.68 (hardware devices \050and so the ) 72 672 P
+4 F
+-0.68 (-s) 210.83 672 P
+0 F
+-0.68 ( and ) 219.49 672 P
+4 F
+-0.68 (-f) 241.45 672 P
+0 F
+-0.68 ( options of Sun\325) 249.44 672 P
+-0.68 (s ) 323.71 672 P
+3 F
+-0.68 (des) 330.7 672 P
+0 F
+-0.68 ( are not available\051. Further) 346.69 672 P
+-0.68 (, as encryption) 471.07 672 P
+-0.05 (is the default, the Sun ) 72 652 P
+3 F
+-0.05 (des) 179.01 652 P
+0 F
+-0.05 ( ) 195 652 P
+4 F
+-0.05 (-e) 197.95 652 P
+0 F
+-0.05 ( option is not recognized. As the manual page to ) 207.27 652 P
+3 F
+-0.05 (bdes) 441.6 652 P
+0 F
+-0.05 ( is in the appen-) 463.59 652 P
+(dix, these dif) 72 632 T
+(ferences will not be elaborated upon further) 134.08 632 T
+(.) 343.24 632 T
+0.44 (Sun\325) 108 608 P
+0.44 (s ) 130 608 P
+3 F
+0.44 (des) 138.1 608 P
+0 F
+0.44 ( supports the use of special-purpose hardware to encrypt and decrypt. Although) 154.09 608 P
+3 F
+1.33 (bdes) 72 588 P
+0 F
+1.33 ( does not directly support the use of such hardware, it uses the library routine ) 93.98 588 P
+3 F
+1.33 (encrypt) 487.05 588 P
+0 F
+1.33 (\0503\051,) 523.02 588 P
+-0.09 (which may) 72 568 P
+-0.09 (. Hardware support was not included directly to support as lar) 124.1 568 P
+-0.09 (ge a number of platforms) 419.11 568 P
+(as possible with installers needing to know as little about the hardware as possible.) 72 548 T
+-0.08 (Sun\325) 108 524 P
+-0.08 (s ) 130 524 P
+3 F
+-0.08 (des) 137.58 524 P
+0 F
+-0.08 ( supports only the CBC and ECB encryption modes; ) 153.57 524 P
+3 F
+-0.08 (bdes) 407.07 524 P
+0 F
+-0.08 ( supports all modes de-) 429.05 524 P
+0.26 (scribed in [3] \050although CFB and OFB are not completely supported\051 as well as both CBC-based) 72 504 P
+(and CFB-based MACs.) 72 484 T
+0.15 (Although input with length not a multiple of the block size is handled in the same way by) 108 460 P
+-0.47 (both ) 72 440 P
+3 F
+-0.47 (des) 95.85 440 P
+0 F
+-0.47 ( and ) 111.84 440 P
+3 F
+-0.47 (bdes) 134.21 440 P
+0 F
+-0.47 (, dif) 156.19 440 P
+-0.47 (ferent values of the padding bytes are used in all but the last byte of the input.) 174.82 440 P
+(Where ) 72 420 T
+3 F
+(bdes) 106.96 420 T
+0 F
+( puts zero bytes, ) 128.94 420 T
+3 F
+(des) 209.89 420 T
+0 F
+( puts bytes containing random values. The reason for Sun\325) 225.87 420 T
+(s doing) 505.02 420 T
+0.47 (so is to prevent a known plaintext attack on the \336le should an
+attacker determine that the input\325) 72 400 P
+0.47 (s) 535.33 400 P
+-0.29 (length were a multiple of the block size. W) 72 380 P
+-0.29 (ith ) 276.05 380 P
+3 F
+-0.29 (bdes) 291.43 380 P
+0 F
+-0.29 (, the plaintext contents of the last block of input) 313.41 380 P
+0.31 (for such a \336le is known \050a block with all bits zero\051. W) 72 360 P
+0.31 (ith ) 333.99 360 P
+3 F
+0.31 (des) 349.96 360 P
+0 F
+0.31 (, the plaintext contents of that block) 365.95 360 P
+0.73 (are not known. Cryptanalytically) 72 340 P
+0.73 (, given the information about the strength of the DES currently) 231.29 340 P
+0.2 (known, it is widely believed that known plaintext attacks are infeasible
+\050see for example [1]\051 and) 72 320 P
+1.86 (so initializing and invoking the pseudorandom number generator seems unnecessary) 72 300 P
+1.86 (. But this) 492.63 300 P
+(means that ciphertexts produced from a plaintext by ) 72 280 T
+3 F
+(bdes) 324.48 280 T
+0 F
+( and ) 346.47 280 T
+3 F
+(des) 369.78 280 T
+0 F
+( will dif) 385.77 280 T
+(fer in the last block.) 423.54 280 T
+4 F
+(Refer) 72 248 T
+(ences) 100.41 248 T
+0 F
+([1]) 72 224 T
+0.37 (D. Denning, \322The Data Encryption Standard: Fifteen Y) 108 224 P
+0.37 (ears of Public Scrutiny) 374.87 224 P
+0.37 (,\323 ) 484.8 224 P
+3 F
+0.37 (Pr) 496.49 224 P
+0.37 (oceed-) 508.04 224 P
+-0.47 (ings of the Sixth Annual Computer Security Applications Confer) 108 204 P
+-0.47 (ence) 411.65 204 P
+0 F
+-0.47 ( pp. x\320xv \050Dec. 1990\051.) 433.62 204 P
+([2]) 72 180 T
+(A. Konheim, ) 108 180 T
+3 F
+(Cryptography: A Primer) 173.29 180 T
+0 F
+(, John W) 291.4 180 T
+(iley and Sons, Inc., New Y) 333.9 180 T
+(ork, NY \0501981\051.) 461.94 180 T
+([3]) 72 156 T
+3 F
+0.63 (DES Modes of Operation) 108 156 P
+0 F
+0.63 (, Federal Information Processing Standards Publication 81, Na-) 231.47 156 P
+-0.07 (tional Bureau of Standards, U.S. Department of Commerce, W) 108 136 P
+-0.07 (ashington, DC \050Dec. 1980\051.) 407.62 136 P
+([4]) 72 112 T
+3 F
+(UNIX User) 108 112 T
+(\325) 162.74 112 T
+(s Manual) 165.18 112 T
+0 F
+(, Sun Microsystems Inc., Mountain V) 210.16 112 T
+(iew) 390 112 T
+(, CA \050Mar) 406.54 112 T
+(. 1988\051.) 455.51 112 T
+4 F
+(Appendix. The UNIX System Manual Page for ) 72 80 T
+1 F
+(bdes) 313.2 80 T
+FMENDPAGE
+%%EndPage: "7" 10
+1 11 /Times-Bold FMDEFINEFONT
+%%Page: "8" 10
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 8 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+1 F
+0 X
+(NAME) 72 712.67 T
+0 F
+(bdes - encrypt/decrypt using the Data Encryption Standard) 108 689 T
+1 F
+(SYNOPSIS) 72 663.67 T
+4 F
+(bdes) 108 640 T
+0 F
+( [) 131.33 640 T
+3 F
+( ) 138.32 640 T
+4 F
+(-abdp) 141.32 640 T
+0 F
+( ] [ ) 171.31 640 T
+4 F
+(-F) 188.3 640 T
+0 F
+( ) 199.62 640 T
+3 F
+(b) 202.62 640 T
+0 F
+( ] [ ) 208.61 640 T
+4 F
+(-f) 225.6 640 T
+0 F
+( ) 233.58 640 T
+3 F
+(b) 236.58 640 T
+0 F
+( ] [ ) 242.58 640 T
+4 F
+(-k) 259.56 640 T
+0 F
+( ) 270.22 640 T
+3 F
+(key) 273.22 640 T
+0 F
+( ] [ ) 289.2 640 T
+4 F
+(-m) 306.18 640 T
+0 F
+( ) 320.16 640 T
+3 F
+(b) 323.16 640 T
+0 F
+( ] [ ) 329.16 640 T
+4 F
+(-o) 346.14 640 T
+0 F
+( ) 356.13 640 T
+3 F
+(b) 359.13 640 T
+0 F
+( ] [ ) 365.13 640 T
+4 F
+(-v) 382.11 640 T
+0 F
+( ) 392.1 640 T
+3 F
+(vector) 395.1 640 T
+0 F
+( ]) 425.07 640 T
+1 F
+(DESCRIPTION) 72 614.67 T
+3 F
+-0.69 (Bdes) 108 591 P
+0 F
+-0.69 ( reads from the standard input and writes on the standard output. It implements all DES) 131.32 591 P
+-0.09 (modes of operation described in FIPS PUB 81 including alternative cipher feedback mode) 108 577 P
+0.74 (and both authentication modes. All modes but the electronic code book mode require an) 108 563 P
+-0.14 (initialization vector; if none is supplied, the zero vector is used. T) 108 549 P
+-0.14 (o protect the key and ini-) 420.44 549 P
+0.29 (tialization vector from being read by) 108 535 P
+3 F
+0.29 ( ps) 284.98 535 P
+0 F
+0.29 (\0501\051, ) 298.94 535 P
+3 F
+0.29 (bdes ) 319.21 535 P
+0 F
+0.29 (hides its ar) 344.48 535 P
+0.29 (guments on entry) 396.81 535 P
+0.29 (. If no ) 479.89 535 P
+3 F
+0.29 (key ) 512.74 535 P
+0 F
+0.29 (is) 532 535 P
+-0.61 (given, one is requested from the controlling terminal if that can be opened, or from the stan-) 108 521 P
+(dard input if not.) 108 507 T
+-0.17 (The key and initialization vector are taken as sequences of ) 108 489 P
+5 F
+-0.14 (ASCII) 389.38 489 P
+0 F
+-0.17 ( characters which are then) 415.48 489 P
+-0.35 (mapped into their bit representations. If either begins with
+\3240x\325 or \3240X\325, that one is taken as) 108 475 P
+1.02 (a sequence of hexadecimal digits indicating the bit pattern; if either begins with \3240b\325 or) 108 461 P
+-0.73 (\3240B\325, that one is taken as a sequence of binary digits
+indicating the bit pattern. In either case,) 108 447 P
+-0.37 (only the leading 64 bits of the key or initialization vector are used, and if fewer than 64 bits) 108 433 P
+0.35 (are provided, enough 0 bits are appended to pad the key to 64 bits. Note that if the key is) 108 419 P
+0.03 (not entered on the command line, it is interpreted in the same way) 108 405 P
+0.03 (, because with 4.4 BSD,) 424.31 405 P
+-0.36 (the password reading function ) 108 391 P
+3 F
+-0.36 (getpass) 254.45 391 P
+0 F
+-0.36 (\0503\051 allows enough characters for either hex or binary) 290.43 391 P
+(keys to be entered.) 108 377 T
+0.04 (According to the DES standard, the low-order bit of each character in the key string is de-) 108 359 P
+-0.18 (leted. Since most ) 108 345 P
+5 F
+-0.15 (ASCII) 192.75 345 P
+0 F
+-0.18 ( representations set the high-order bit to 0, simply deleting the low-) 218.84 345 P
+-0.29 (order bit ef) 108 331 P
+-0.29 (fectively reduces the size of the key space from 2) 160.49 331 P
+5 F
+-0.24 (56) 394.67 335.8 P
+0 F
+-0.29 ( to 2) 404.67 331 P
+5 F
+-0.24 (48) 425.41 335.8 P
+0 F
+-0.29 ( keys. T) 435.4 331 P
+-0.29 (o prevent this,) 472.29 331 P
+-0.46 (the high-order bit must be a function depending in part upon the low-order bit; so, the high-) 108 317 P
+0.11 (order bit is set to whatever value gives odd parity) 108 303 P
+0.11 (. This preserves the key space size. Note) 345.05 303 P
+(this resetting of the parity bit is ) 108 289 T
+3 F
+(not) 260.92 289 T
+0 F
+( done if the key is given in binary or hex.) 276.24 289 T
+-0.38 (By default, the standard input is encrypted using cipher block chaining mode and is written) 108 271 P
+0.18 (to the standard output. Using the same key for encryption and decryption preserves plain-) 108 257 P
+(text, so) 108 243 T
+( bdes ) 225.81 225 T
+3 F
+(key) 253.79 225 T
+0 F
+( < plaintext | bdes \320i ) 269.77 225 T
+3 F
+(key) 370.21 225 T
+0 F
+( ) 386.19 225 T
+(is a very expensive equivalent of ) 108 201 T
+3 F
+(cat) 268.54 201 T
+0 F
+(\0501\051.) 283.2 201 T
+(Options are:) 108 183 T
+( ) 108 165 T
+4 F
+(\320a) 111 165 T
+0 F
+-0.75 (The key and initialization vector strings are to be taken as ) 144 165 P
+5 F
+-0.62 (ASCII) 415.89 165 P
+0 F
+-0.75 ( suppressing the spe-) 441.98 165 P
+0.3 (cial interpretation given to leading \3240x\325, \3240X\325, \3240b\325,
+and \3240B\325 characters. Note this) 144 151 P
+(\337ag applies to ) 144 137 T
+3 F
+(both) 214.29 137 T
+0 F
+( the key and initialization vector) 235.62 137 T
+(.) 389.85 137 T
+4 F
+(\320b) 108 119 T
+0 F
+(Use electronic code book mode.) 144 119 T
+4 F
+(\320d) 108 101 T
+0 F
+(Decrypt the input.) 144 101 T
+FMENDPAGE
+%%EndPage: "8" 11
+%%Page: "9" 11
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 9 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+4 F
+0 X
+(\320f) 108 712 T
+0 F
+( ) 117.99 712 T
+3 F
+(b) 120.99 712 T
+0 F
+-0.29 (Use ) 144 712 P
+3 F
+-0.29 (b) 165.36 712 P
+0 F
+-0.29 (-bit cipher feedback mode. Currently ) 171.35 712 P
+3 F
+-0.29 (b) 350.42 712 P
+0 F
+-0.29 ( must be a multiple of 8 between 8 and) 356.42 712 P
+(64 inclusive \050this does not conform to the standard CFB mode speci\336cation\051.) 144 698 T
+4 F
+(\320F) 108 680 T
+0 F
+( ) 121.32 680 T
+3 F
+(b) 124.32 680 T
+0 F
+-0.29 (Use ) 144 680 P
+3 F
+-0.29 (b) 165.36 680 P
+0 F
+-0.29 (-bit alternative cipher feedback mode. Currently ) 171.36 680 P
+3 F
+-0.29 (b) 403.77 680 P
+0 F
+-0.29 ( must be a multiple of 7 be-) 409.77 680 P
+-0.12 (tween 7 and 56 inclusive \050this does not conform to the alternative CFB mode spec-) 144 666 P
+(i\336cation\051.) 144 652 T
+4 F
+(\320k) 108 634 T
+0 F
+( ) 120.67 634 T
+3 F
+(key) 123.66 634 T
+0 F
+0.37 (Use the string ) 144 616 P
+3 F
+0.37 (key) 214.74 616 P
+0 F
+0.37 ( as the cryptographic key) 230.72 616 P
+0.37 (. If this ar) 352.01 616 P
+0.37 (gument is not given, the user) 399.54 616 P
+(will be prompted for the key) 144 602 T
+(.) 280.12 602 T
+4 F
+(\320m) 108 584 T
+0 F
+( ) 123.99 584 T
+3 F
+(b) 126.99 584 T
+0 F
+0.71 (Compute a message authentication code \050MAC\051 of ) 144 584 P
+3 F
+0.71 (b) 395.78 584 P
+0 F
+0.71 ( bits on the input. ) 401.77 584 P
+3 F
+0.71 (b) 491.94 584 P
+0 F
+0.71 ( must be) 497.94 584 P
+0.11 (between 1 and 64 inclusive; if ) 144 570 P
+3 F
+0.11 (b) 291.87 570 P
+0 F
+0.11 ( is not a multiple of 8, enough 0 bits will be added) 297.86 570 P
+-0.44 (to pad the MAC length to the nearest multiple of 8. Only the MAC is output. MACs) 144 556 P
+(are only available in cipher block chaining mode or in cipher feedback mode.) 144 542 T
+4 F
+(\320o) 108 524 T
+0 F
+( ) 119.99 524 T
+3 F
+(b) 122.99 524 T
+0 F
+-0.34 (Use ) 144 524 P
+3 F
+-0.34 (b) 165.31 524 P
+0 F
+-0.34 (-bit output feedback mode. Currently ) 171.31 524 P
+3 F
+-0.34 (b) 350.83 524 P
+0 F
+-0.34 ( must be a multiple of 8 between 8 and) 356.83 524 P
+(64 inclusive \050this does not conform to the OFB mode speci\336cation\051.) 144 510 T
+4 F
+(\320p) 108 492 T
+0 F
+-0.14 (Disable the resetting of the parity bit. This \337ag forces the parity bit of the key to be) 144 492 P
+0.03 (used as typed, rather than making each character be of odd parity) 144 478 P
+0.03 (. It is used only if) 455.91 478 P
+(the key is given in ) 144 464 T
+5 F
+(ASCII) 234.95 464 T
+0 F
+(.) 261.04 464 T
+4 F
+(\320v) 108 446 T
+0 F
+( ) 119.99 446 T
+3 F
+(vector) 122.99 446 T
+0 F
+-0.5 (Set the initialization vector to ) 144 428 P
+3 F
+-0.5 (v) 286.44 428 P
+0 F
+-0.5 (; the vector is interpreted in the same way as the key) 291.76 428 P
+-0.5 (.) 537 428 P
+(The vector is ignored in electronic codebook mode.) 144 414 T
+-0.55 (The DES is considered a very strong cryptosystem, and other than table lookup attacks, key) 108 396 P
+0.24 (search attacks, and Hellman\325) 108 382 P
+0.24 (s time-memory tradeof) 246.61 382 P
+0.24 (f \050all of which are very expensive and) 356.8 382 P
+0.66 (time-consuming\051, no cryptanalytic methods for breaking the DES are known in the open) 108 368 P
+0.33 (literature. No doubt the choice of keys and key security are the most vulnerable aspect of) 108 354 P
+3 F
+(bdes) 108 340 T
+0 F
+(.) 129.98 340 T
+4 F
+(IMPLEMENT) 72 314 T
+(A) 146.41 314 T
+(TION NOTES) 154.18 314 T
+0 F
+0.57 (For implementors wishing to write software compatible with this program, the following) 108 290 P
+-0.23 (notes are provided. This software is completely compatible with the implementation of the) 108 276 P
+(data encryption standard distributed by Sun Microsystems, Inc.) 108 262 T
+0.11 (In the ECB and CBC modes, plaintext is encrypted in units of 64 bits \0508 bytes, also called) 108 244 P
+0.52 (a block\051. T) 108 230 P
+0.52 (o ensure that the plaintext \336le is encrypted correctly) 160.49 230 P
+0.52 (, ) 413.01 230 P
+3 F
+0.52 (bdes ) 419.53 230 P
+0 F
+0.52 (will \050internally\051 ap-) 445.03 230 P
+0.29 (pend from 1 to 8 bytes, the last byte containing an integer stating how many bytes of that) 108 216 P
+-0.71 (\336nal block are from the plaintext \336le, and encrypt the resulting block. Hence, when decrypt-) 108 202 P
+0.27 (ing, the last block may contain from 0 to 7 characters present in the plaintext \336le, and the) 108 188 P
+-0.59 (last byte tells how many) 108 174 P
+-0.59 (. Note that if during decryption the last byte of the \336le does not con-) 221.46 174 P
+0.41 (tain an integer between 0 and 7, either the \336le has been corrupted or an incorrect key has) 108 160 P
+0.48 (been given. A similar mechanism is used for the OFB and CFB modes, except that those) 108 146 P
+0.26 (simply require the length of the input to be a multiple of the mode size, and the \336nal byte) 108 132 P
+-0.73 (contains an integer between 0 and one less than the number of bytes being used as the mode.) 108 118 P
+(\050This was another reason that the mode size must be a multiple of 8 for those modes.\051) 108 104 T
+FMENDPAGE
+%%EndPage: "9" 12
+%%Page: "10" 12
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 10 of 11) 473.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+0.94 (Unlike Sun\325) 108 712 P
+0.94 (s implementation, unused bytes of that last block are not \336lled with random) 166.58 712 P
+0.57 (data, but instead contain what was in those byte positions in the preceding block. This is) 108 698 P
+(quicker and more portable, and does not weaken the encryption signi\336cantly) 108 684 T
+(.) 473.95 684 T
+0.36 (If the key is entered in ) 108 666 P
+5 F
+0.3 (ASCII) 220.76 666 P
+0 F
+0.36 (, the parity bits of the key characters are set so that each key) 246.85 666 P
+1.03 (character is of odd parity) 108 652 P
+1.03 (. Unlike Sun\325) 231.23 652 P
+1.03 (s implementation, it is possible to enter binary or) 296.92 652 P
+-0.57 (hexadecimal keys on the command line, and if this is done, the parity bits are ) 108 638 P
+3 F
+-0.57 (not ) 472.85 638 P
+0 F
+-0.57 (reset. This) 490.61 638 P
+(allows testing using arbitrary bit patterns as keys.) 108 624 T
+0.64 (The Sun implementation always uses an initialization vector of 0 \050that is, all zeroes\051. By) 108 606 P
+(default, ) 108 592 T
+3 F
+(bdes ) 147.3 592 T
+0 F
+(does too, but this may be changed from the command line.) 172.29 592 T
+4 F
+(FILES) 72 566 T
+0 F
+(/dev/tty) 108 542 T
+(controlling terminal for typed key) 180 542 T
+4 F
+(SEE ALSO) 72 516 T
+3 F
+(crypt) 108 492 T
+0 F
+(\0501\051, ) 132.65 492 T
+3 F
+(crypt) 152.63 492 T
+0 F
+(\0503\051) 177.27 492 T
+3 F
+-0.4 (Data Encryption Standar) 108 474 P
+-0.4 (d) 228.02 474 P
+0 F
+-0.4 (, Federal Information Processing Standard #46, National Bureau) 234.02 474 P
+(of Standards, U.S. Department of Commerce, W) 108 460 T
+(ashington DC \050Jan. 1977\051.) 340.2 460 T
+3 F
+0.16 (DES) 108 442 P
+0 F
+0.16 ( ) 129.98 442 P
+3 F
+0.16 (Modes of Operation, ) 133.15 442 P
+0 F
+0.16 (Federal Information Processing Standard #81, National Bureau) 236.24 442 P
+(of Standards, U.S. Department of Commerce, W) 108 428 T
+(ashington DC \050Dec. 1980\051.) 340.2 428 T
+2.75 (Dorothy Denning, ) 108 410 P
+3 F
+2.75 (Cryptography and Data Security) 203.77 410 P
+0 F
+2.75 (, Addison-W) 368.8 410 P
+2.75 (esley Publishing Co.,) 432.55 410 P
+(Reading, MA \2511982.) 108 396 T
+-0.19 ( Matt Bishop, \322Implementation Notes on ) 108 378 P
+3 F
+-0.19 (bdes) 305.76 378 P
+0 F
+-0.19 (\0501\051\323, T) 327.75 378 P
+-0.19 (echnical Report PCS-TR-91-158, De-) 359.35 378 P
+0.34 (partment of Mathematics and Computer Science, Dartmouth College, Hanover) 108 364 P
+0.34 (, NH \050Apr) 488.01 364 P
+0.34 (.) 537 364 P
+(1991\051.) 108 350 T
+4 F
+(CAUTION) 72 324 T
+0 F
+-0.55 (Certain speci\336c keys should be avoided because they introduce potential weaknesses; these) 108 300 P
+-0.44 (keys, called the ) 108 286 P
+3 F
+-0.44 (weak) 183.95 286 P
+0 F
+-0.44 ( and ) 208.6 286 P
+3 F
+-0.44 (semiweak) 231.03 286 P
+0 F
+-0.44 ( keys, are \050in hex notation, where ) 277.66 286 P
+6 F
+-1.06 (p) 437.45 286 P
+0 F
+-0.44 ( is either ) 444.64 286 P
+6 F
+-1.06 (0) 487.63 286 P
+0 F
+-0.44 ( or ) 494.82 286 P
+6 F
+-1.06 (1) 509.93 286 P
+0 F
+-0.44 (, and) 517.12 286 P
+6 F
+(P) 108 272 T
+0 F
+( is either ) 115.2 272 T
+6 F
+(e) 159.5 272 T
+0 F
+( or ) 166.7 272 T
+6 F
+(f) 182.68 272 T
+0 F
+(\051:) 189.88 272 T
+6 F
+(0x0p0p0p0p0p0p0p0p) 144 254 T
+(0x0p1P0p1P0p0P0p0P) 360 254 T
+(0x0pep0pep0pfp0pfp) 144 236 T
+(0x0pfP0pfP0pfP0pfP) 360 236 T
+(0x1P0p1P0p0P0p0P0p) 144 218 T
+(0x1P1P1P1P0P0P0P0P) 360 218 T
+(0x1Pep1Pep0Pfp0Pfp) 144 200 T
+(0x1PfP1PfP0PfP0PfP) 360 200 T
+(0xep0pep0pfp0pfp0p) 144 182 T
+(0xep1Pep1pfp0Pfp0P) 360 182 T
+(0xepepepepepepepep) 144 164 T
+(0xepfPepfPfpfPfpfP) 360 164 T
+(0xfP0pfP0pfP0pfP0p) 144 146 T
+(0xfP1PfP1PfP0PfP0P) 360 146 T
+(0xfPepfPepfPepfPep) 144 128 T
+(0xfPfPfPfPfPfPfPfP) 360 128 T
+0 F
+0.13 (The weakness of these keys is inherent in the DES algorithm \050see for example Moore and) 108 110 P
+-0.57 (Simmons, \322Cycle structure of the DES with weak and semi-weak keys,\323) 108 96 P
+3 F
+-0.57 ( Advances in Cryp-) 449.43 96 P
+(tology \320 Crypto \32486 Pr) 108 82 T
+(oceedings) 216.83 82 T
+0 F
+(, Springer) 264.79 82 T
+(-V) 311.85 82 T
+(erlag New Y) 323.17 82 T
+(ork, \2511987, pp. 9-32\051.) 383.25 82 T
+FMENDPAGE
+%%EndPage: "10" 13
+%%Page: "11" 13
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 11 of 11) 473.71 34.7 T
+72 72 540 720 R
+7 X
+V
+4 F
+0 X
+(BUGS) 72 712 T
+0 F
+-0.18 (There is a controversy raging over whether the DES will still be secure in a few years. The) 108 688 P
+0.31 (advent of special-purpose hardware could reduce the cost of any of the methods of attack) 108 674 P
+(named above so that they are no longer computationally infeasible.) 108 660 T
+0.32 (Programs which display programs\325 ar) 108 642 P
+0.32 (guments may compromise the key and initialization) 289.59 642 P
+0.76 (vector if they are speci\336ed on the command line. T) 108 628 P
+0.76 (o avoid this ) 358.46 628 P
+3 F
+0.76 (bdes) 419.7 628 P
+0 F
+0.76 ( overwrites its ar) 441.68 628 P
+0.76 (gu-) 524.01 628 P
+(ments. However) 108 614 T
+(, the obvious race cannot currently be avoided.) 186.12 614 T
+0.25 (As the key or key schedule is kept in memory throughout the run of this program, the en-) 108 596 P
+(cryption can be compromised if memory is readable.) 108 582 T
+-0.4 (There is no warranty of merchantability nor any warranty of \336tness for a particular purpose) 108 564 P
+0.05 (nor any other warranty) 108 550 P
+0.05 (, either express or implied, as to the accuracy of the enclosed mate-) 216.95 550 P
+(rials or as to their suitability for any particular purpose.) 108 536 T
+-0.06 (Accordingly) 108 518 P
+-0.06 (, the user assumes full responsibility for their use. Further) 167.18 518 P
+-0.06 (, the author assumes) 442.93 518 P
+-0.25 (no obligation to furnish any assistance of any kind whatsoever) 108 504 P
+-0.25 (, or to furnish any additional) 404.69 504 P
+(information or documentation.) 108 490 T
+4 F
+(AUTHOR) 72 464 T
+0 F
+-0.54 (Matt Bishop, Department of Mathematics and Computer Science, Bradley Hall, Dartmouth) 108 440 P
+(College, Hanover) 108 426 T
+(, NH 03755) 192.12 426 T
+(Electronic mail addresses:) 108 408 T
+(Internet: Matt.Bishop@dartmouth.edu) 108 390 T
+(UUCP: decvax!dartvax!Matt.Bishop) 108 372 T
+FMENDPAGE
+%%EndPage: "11" 14
+%%Trailer
+%%BoundingBox: 0 0 612 792
+%%Pages: 13 1
+%%DocumentFonts: Helvetica-Bold
+%%+ Helvetica-BoldOblique
+%%+ Times-Roman
+%%+ Times-Bold
+%%+ Times-BoldItalic
+%%+ Times-Italic
+%%+ Courier
+%%+ Courier-Oblique
+%%+ ZapfDingbats
+%%+ Symbol
+%%+ Courier-Bold
OpenPOWER on IntegriCloud