des_encrypt() -- SSLeay 0.9.0b -- January 1999

NAME

des_cbc_cksum, des_quad_cksum -- DES checksum computation

SYNOPSIS

#include "des.h"

unsigned long des_cbc_cksum(input,output,length,ks,ivec)
des_cblock *input, *output, *ivec;
long length;
des_key_schedule ks;

unsigned long des_quad_cksum(input,output,length,out_count,seed)
des_cblock *input, *output, *seed;
long length;
int out_count;

DESCRIPTION

Please note that this library was originally written to operate with eBones, a version of Kerberos that had had encryption removed when it left the USA and then put back in. As such there are some routines that I will advise not using but they are still in the library for historical reasons. For all calls that have an 'input' and 'output' variables, they can be the same.

All of the encryption functions take what is called a des_key_schedule as an argument. A des_key_schedule is an expanded form of the des key. A des_key is 8 bytes of odd parity, the type used to hold the key is a des_cblock. A des_cblock is an array of 8 bytes, often in this library description I will refer to input bytes when the function specifies des_cblock's as input or output, this just means that the variable should be a multiple of 8 bytes.

des_cbc_cksum() produces an 8 byte checksum from input that it puts in output and returns the last 4 bytes as a long. The checksum is generated via cbc mode of DES in which only the last 8 byes are kept. I would recommend not using this function but instead using the EVP_Digest routines, or at least using MD5 or SHA. This function is used by Kerberos v4 so that is why it stays in the library.

des_quad_cksum() is from Kerberos v4 that is not anything to do with DES but was needed. It is a cksum that is quicker to generate than des_cbc_cksum(); I personally would use MD5 routines now.