|
@ -1,4 +1,4 @@ |
|
|
.\" $OpenBSD: crypt.3,v 1.43 2014/12/02 07:39:58 schwarze Exp $ |
|
|
|
|
|
|
|
|
.\" $OpenBSD: crypt.3,v 1.44 2014/12/08 20:46:04 tedu Exp $ |
|
|
.\" |
|
|
.\" |
|
|
.\" FreeSec: libcrypt |
|
|
.\" FreeSec: libcrypt |
|
|
.\" |
|
|
.\" |
|
@ -31,32 +31,20 @@ |
|
|
.\" |
|
|
.\" |
|
|
.\" Manual page, using -mandoc macros |
|
|
.\" Manual page, using -mandoc macros |
|
|
.\" |
|
|
.\" |
|
|
.Dd $Mdocdate: December 2 2014 $ |
|
|
|
|
|
|
|
|
.Dd $Mdocdate: December 8 2014 $ |
|
|
.Dt CRYPT 3 |
|
|
.Dt CRYPT 3 |
|
|
.Os |
|
|
.Os |
|
|
.Sh NAME |
|
|
.Sh NAME |
|
|
.Nm crypt , |
|
|
.Nm crypt , |
|
|
.Nm setkey , |
|
|
|
|
|
.Nm encrypt , |
|
|
|
|
|
.Nm des_setkey , |
|
|
|
|
|
.Nm des_cipher , |
|
|
|
|
|
.Nm bcrypt_gensalt , |
|
|
.Nm bcrypt_gensalt , |
|
|
.Nm bcrypt |
|
|
.Nm bcrypt |
|
|
.Nd password hashing |
|
|
.Nd password hashing |
|
|
.Sh SYNOPSIS |
|
|
.Sh SYNOPSIS |
|
|
.In stdlib.h |
|
|
.In stdlib.h |
|
|
.Ft int |
|
|
|
|
|
.Fn setkey "const char *key" |
|
|
|
|
|
.Pp |
|
|
.Pp |
|
|
.In unistd.h |
|
|
.In unistd.h |
|
|
.Ft char * |
|
|
.Ft char * |
|
|
.Fn crypt "const char *key" "const char *setting" |
|
|
.Fn crypt "const char *key" "const char *setting" |
|
|
.Ft int |
|
|
|
|
|
.Fn encrypt "char *block" "int flag" |
|
|
|
|
|
.Ft int |
|
|
|
|
|
.Fn des_setkey "const char *key" |
|
|
|
|
|
.Ft int |
|
|
|
|
|
.Fn des_cipher "const char *in" "char *out" "int32_t salt" "int count" |
|
|
|
|
|
.In pwd.h |
|
|
.In pwd.h |
|
|
.Ft char * |
|
|
.Ft char * |
|
|
.Fn bcrypt_gensalt "u_int8_t log_rounds" |
|
|
.Fn bcrypt_gensalt "u_int8_t log_rounds" |
|
@ -189,82 +177,12 @@ The value returned is a NUL-terminated |
|
|
string, 20 or 13 bytes (plus NUL) in length, consisting of the |
|
|
string, 20 or 13 bytes (plus NUL) in length, consisting of the |
|
|
.Fa setting |
|
|
.Fa setting |
|
|
followed by the encoded 64-bit encryption. |
|
|
followed by the encoded 64-bit encryption. |
|
|
.Pp |
|
|
|
|
|
The functions |
|
|
|
|
|
.Fn encrypt , |
|
|
|
|
|
.Fn setkey , |
|
|
|
|
|
.Fn des_setkey , |
|
|
|
|
|
and |
|
|
|
|
|
.Fn des_cipher |
|
|
|
|
|
provide access to the |
|
|
|
|
|
DES algorithm itself. |
|
|
|
|
|
.Fn setkey |
|
|
|
|
|
is passed a 64-byte array of binary values (numeric 0 or 1). |
|
|
|
|
|
A 56-bit key is extracted from this array by dividing the |
|
|
|
|
|
array into groups of 8, and ignoring the last bit in each group. |
|
|
|
|
|
That bit is reserved for a byte parity check by DES, but is ignored |
|
|
|
|
|
by these functions. |
|
|
|
|
|
.Pp |
|
|
|
|
|
The |
|
|
|
|
|
.Fa block |
|
|
|
|
|
argument to |
|
|
|
|
|
.Fn encrypt |
|
|
|
|
|
is also a 64-byte array of binary values. |
|
|
|
|
|
If the value of |
|
|
|
|
|
.Fa flag |
|
|
|
|
|
is 0, |
|
|
|
|
|
.Fa block |
|
|
|
|
|
is encrypted otherwise it is decrypted. |
|
|
|
|
|
The result is returned in the original array |
|
|
|
|
|
.Fa block |
|
|
|
|
|
after using the key specified by |
|
|
|
|
|
.Fn setkey |
|
|
|
|
|
to process it. |
|
|
|
|
|
.Pp |
|
|
|
|
|
The argument to |
|
|
|
|
|
.Fn des_setkey |
|
|
|
|
|
is a character array of length 8. |
|
|
|
|
|
The least significant bit (the parity bit) in each character is ignored, |
|
|
|
|
|
and the remaining bits are concatenated to form a 56-bit key. |
|
|
|
|
|
The function |
|
|
|
|
|
.Fn des_cipher |
|
|
|
|
|
encrypts (or decrypts if |
|
|
|
|
|
.Fa count |
|
|
|
|
|
is negative) the 64-bits stored in the 8 characters at |
|
|
|
|
|
.Fa in |
|
|
|
|
|
using |
|
|
|
|
|
.Xr abs 3 |
|
|
|
|
|
of |
|
|
|
|
|
.Fa count |
|
|
|
|
|
iterations of DES |
|
|
|
|
|
and stores the 64-bit result in the 8 characters at |
|
|
|
|
|
.Fa out |
|
|
|
|
|
(which may be the same as |
|
|
|
|
|
.Fa in ) . |
|
|
|
|
|
The |
|
|
|
|
|
.Fa salt |
|
|
|
|
|
specifies perturbations to the DES |
|
|
|
|
|
E-box output as described above. |
|
|
|
|
|
.Pp |
|
|
|
|
|
The |
|
|
|
|
|
.Fn crypt , |
|
|
|
|
|
.Fn setkey , |
|
|
|
|
|
and |
|
|
|
|
|
.Fn des_setkey |
|
|
|
|
|
functions all manipulate the same key space. |
|
|
|
|
|
.Sh RETURN VALUES |
|
|
.Sh RETURN VALUES |
|
|
The function |
|
|
The function |
|
|
.Fn crypt |
|
|
.Fn crypt |
|
|
returns a pointer to the encrypted value on success, and |
|
|
returns a pointer to the encrypted value on success, and |
|
|
.Dv NULL |
|
|
.Dv NULL |
|
|
on failure. |
|
|
on failure. |
|
|
The functions |
|
|
|
|
|
.Fn setkey , |
|
|
|
|
|
.Fn encrypt , |
|
|
|
|
|
.Fn des_setkey , |
|
|
|
|
|
and |
|
|
|
|
|
.Fn des_cipher |
|
|
|
|
|
return 0 on success and 1 on failure. |
|
|
|
|
|
.Sh SEE ALSO |
|
|
.Sh SEE ALSO |
|
|
.Xr encrypt 1 , |
|
|
.Xr encrypt 1 , |
|
|
.Xr login 1 , |
|
|
.Xr login 1 , |
|
|