Importing usr.bin/bdes

distrib/sets/lists/minix/mi

@@ -219,6 +219,7 @@
 ./usr/bin/badblocks			minix-sys	obsolete
 ./usr/bin/banner			minix-sys
 ./usr/bin/basename			minix-sys
+./usr/bin/bdes				minix-sys
 ./usr/bin/bsdtar			minix-sys
 ./usr/bin/bsfilt			minix-sys
 ./usr/bin/btrace			minix-sys
@@ -1207,6 +1208,7 @@
 ./usr/man/man1/awk.1			minix-sys
 ./usr/man/man1/banner.1			minix-sys
 ./usr/man/man1/basename.1		minix-sys
+./usr/man/man1/bdes.1			minix-sys
 ./usr/man/man1/break.1			minix-sys
 ./usr/man/man1/bsdtar.1			minix-sys
 ./usr/man/man1/bsfilt.1			minix-sys

releasetools/nbsd_ports

@@ -124,6 +124,7 @@
 2012/10/17 12:00:00,tools/tsort
 2009/05/08 12:48:43,usr.bin/apropos
 2012/10/17 12:00:00,usr.bin/banner
+2013/05/31 12:00:00,usr.bin/bdes
 2012/10/17 12:00:00,usr.bin/bzip2
 2012/10/17 12:00:00,usr.bin/bzip2recover
 2013/03/15 12:00:00,usr.bin/cal

usr.bin/Makefile

@@ -4,7 +4,7 @@
 .include <bsd.own.mk>
 
 SUBDIR= \
-	banner \
+	banner bdes \
 	bzip2 bzip2recover \
 	cal chpass cksum \
 	col ctags \

usr.bin/bdes/Makefile

@@ -0,0 +1,12 @@
+#	$NetBSD: Makefile,v 1.7 2007/05/28 12:06:24 tls Exp $
+#	@(#)Makefile	8.1 (Berkeley) 6/6/93
+
+USE_FORT?=	yes	# cryptographic software
+
+WARNS=	3
+PROG=	bdes
+
+LDADD+=	-lcrypt
+DPADD+=	${LIBCRYPT}
+
+.include <bsd.prog.mk>

usr.bin/bdes/bdes.1

@@ -0,0 +1,366 @@
+.\"	$NetBSD: bdes.1,v 1.14 2010/01/15 19:40:17 joerg Exp $
+.\"
+.\" Copyright (c) 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" This code is derived from software contributed to Berkeley by
+.\" Matt Bishop of Dartmouth College.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)bdes.1	8.1 (Berkeley) 6/29/93
+.\"
+.Dd December 1, 2001
+.Dt BDES 1
+.Os
+.Sh NAME
+.Nm bdes
+.Nd encrypt/decrypt using the Data Encryption Standard
+.Sh SYNOPSIS
+.Nm
+.Op Fl abdp
+.Op Fl F Ar N
+.Op Fl f Ar N
+.Op Fl k Ar key
+.Op Fl m Ar N
+.Op Fl o Ar N
+.Op Fl v Ar vector
+.Sh DESCRIPTION
+.Nm
+implements all DES modes of operation described in FIPS PUB 81,
+including alternative cipher feedback mode and both authentication
+modes.
+.Nm
+reads from the standard input and writes to the standard output.
+By default, the input is encrypted using cipher block chaining mode.
+Using the same key for encryption and decryption preserves plain text.
+.Pp
+All modes but the electronic code book mode require an initialization
+vector; if none is supplied, the zero vector is used.
+If no
+.Ar key
+is specified on the command line, the user is prompted for one (see
+.Xr getpass 3
+for more details).
+.Pp
+The options are as follows:
+.Bl -tag -width "-v vector" -compact
+.It Fl a
+The key and initialization vector strings are to be taken as ASCII,
+suppressing the special interpretation given to leading
+.Dq 0X ,
+.Dq 0x ,
+.Dq 0B ,
+and
+.Dq 0b
+characters.
+This flag applies to
+.Em both
+the key and initialization vector.
+.It Fl b
+Use electronic code book mode.
+This is not recommended for messages
+longer than 8 bytes, as patterns in the input will show through to the
+output.
+.It Fl d
+Decrypt the input.
+.It Fl F Ar N
+Use
+.Ar N Ns -bit
+alternative cipher feedback mode.
+Currently
+.Ar N
+must be a multiple of 7 between 7 and 56 inclusive (this does not conform
+to the alternative CFB mode specification).
+.It Fl f Ar N
+Use
+.Ar N Ns -bit
+cipher feedback mode.
+Currently
+.Ar N
+must be a multiple of 8 between 8 and 64 inclusive (this does not conform
+to the standard CFB mode specification).
+.It Fl k Ar key
+Use
+.Ar key
+as the cryptographic key.
+.It Fl m Ar N
+Compute a message authentication code (MAC) of
+.Ar N
+bits on the input.
+The value of
+.Ar N
+must be between 1 and 64 inclusive; if
+.Ar N
+is not a multiple of 8, enough 0 bits will be added to pad the MAC length
+to the nearest multiple of 8.
+Only the MAC is output.
+MACs are only available in cipher block chaining mode or in cipher feedback
+mode.
+.It Fl o Ar N
+Use
+.Ar N Ns -bit
+output feedback mode.
+Currently
+.Ar N
+must be a multiple of 8 between 8 and 64 inclusive (this does not conform
+to the OFB mode specification).
+.It Fl p
+Disable the resetting of the parity bit.
+This flag forces the parity bit of the key to be used as typed, rather than
+making each character be of odd parity.
+It is used only if the key is given in ASCII.
+.It Fl v Ar vector
+Set the initialization vector to
+.Ar vector ;
+the vector is interpreted in the same way as the key.
+The vector is ignored in electronic codebook mode.
+For best security, a different
+initialization vector should be used for each file.
+.El
+.Pp
+The key and initialization vector are taken as sequences of ASCII
+characters which are then mapped into their bit representations.
+If either begins with
+.Dq 0X
+or
+.Dq 0x ,
+that one is taken as a sequence of hexadecimal digits indicating the
+bit pattern;
+if either begins with
+.Dq 0B
+or
+.Dq 0b ,
+that one is taken as a sequence of binary digits indicating the bit pattern.
+In either case,
+only the leading 64 bits of the key or initialization vector
+are used,
+and if fewer than 64 bits are provided, enough 0 bits are appended
+to pad the key to 64 bits.
+.Pp
+According to the DES standard, the low-order bit of each character in the
+key string is deleted.
+Since most ASCII representations set the high-order bit to 0, simply
+deleting the low-order bit effectively reduces the size of the key space
+from
+.if t 2\u\s-356\s0\d
+.if n 2**56
+to
+.if t 2\u\s-348\s0\d
+.if n 2**48
+keys.
+To prevent this, the high-order bit must be a function depending in part
+upon the low-order bit; so, the high-order bit is set to whatever value
+gives odd parity.
+This preserves the key space size.
+Note this resetting of the parity bit is
+.Em not
+done if the key is given in binary or hex, and can be disabled for ASCII
+keys as well.
+.Pp
+The DES is considered a very strong cryptosystem hobbled by a short
+key, and other than table lookup attacks, key search attacks, and
+Hellman's time-memory tradeoff (all of which are very expensive and
+time-consuming), no practical cryptanalytic methods for breaking the
+DES are known in the open literature.
+As of this writing, the best
+known cryptanalytic method is linear cryptanalysis, which requires an
+average of
+.if t 2\u\s-343\s0\d
+.if n 2**43
+known plaintext-ciphertext pairs to succeed.
+Unfortunately for the DES, key search attacks (requiring only
+a single known plaintext-ciphertext pair and trying
+.if t 2\u\s-355\s0\d
+.if n 2**55
+keys on average) are becoming practical.
+.Pp
+As with all cryptosystems, the choice of keys and
+key security remain the most vulnerable aspect of
+.Nm .
+.Sh IMPLEMENTATION NOTES
+For implementors wishing to write software compatible with this program,
+the following notes are provided.
+This software is believed to be compatible with the implementation of the
+data encryption standard distributed by Sun Microsystems, Inc.
+.Pp
+In the ECB and CBC modes, plaintext is encrypted in units of 64 bits (8 bytes,
+also called a block).
+To ensure that the plaintext file is encrypted correctly,
+.Nm
+will (internally) append from 1 to 8 bytes, the last byte containing an
+integer stating how many bytes of that final block are from the plaintext
+file, and encrypt the resulting block.
+Hence, when decrypting, the last block may contain from 0 to 7 characters
+present in the plaintext file, and the last byte tells how many.
+Note that if during decryption the last byte of the file does not contain an
+integer between 0 and 7, either the file has been corrupted or an incorrect
+key has been given.
+A similar mechanism is used for the OFB and CFB modes, except that those
+simply require the length of the input to be a multiple of the mode size,
+and the final byte contains an integer between 0 and one less than the number
+of bytes being used as the mode.
+(This was another reason that the mode size must be a multiple of 8 for those
+modes.)
+.Pp
+Unlike Sun's implementation, unused bytes of that last block are not filled
+with random data, but instead contain what was in those byte positions in
+the preceding block.
+This is quicker and more portable, and does not weaken the encryption
+significantly.
+.Pp
+If the key is entered in ASCII, the parity bits of the key characters are set
+so that each key character is of odd parity.
+Unlike Sun's implementation, it is possible to enter binary or hexadecimal
+keys on the command line, and if this is done, the parity bits are
+.Em not
+reset.
+This allows testing using arbitrary bit patterns as keys.
+.Pp
+The Sun implementation always uses an initialization vector of 0
+(that is, all zeroes).
+By default,
+.Nm
+does too, but this may be changed from the command line.
+.Sh SEE ALSO
+.Xr crypt 3 ,
+.Xr getpass 3
+.Rs
+.%T Data Encryption Standard
+.%R Federal Information Processing Standard #46
+.%Q National Bureau of Standards, U.S. Department of Commerce
+.\" should be .%C as soon as it's supported.
+.%O Washington DC
+.%D January 1977
+.Re
+.Rs
+.%T DES Modes of Operation
+.%R Federal Information Processing Standard #81
+.%Q National Bureau of Standards, U.S. Department of Commerce
+.\" should be .%C as soon as it's supported.
+.%O Washington DC
+.%D December 1980
+.Re
+.Rs
+.%A Dorothy Denning
+.%T Cryptography and Data Security
+.%I Addison-Wesley Publishing Co.
+.\" should be .%C as soon as it's supported.
+.%O Reading, MA
+.%D 1982
+.Re
+.Rs
+.%A Matt Bishop
+.%T Implementation Notes on bdes(1)
+.%R Technical Report PCS-TR-91-158
+.%Q Department of Mathematics and Computer Science, Dartmouth College
+.\" should be .%C as soon as it's supported.
+.%O Hanover, NH 03755
+.%D April 1991
+.Re
+.Rs
+.%A M.J. Wiener
+.%T Efficient DES Key Search
+.%R Technical Report 244
+.%Q School of Computer Science, Carleton University
+.%D May 1994
+.Re
+.Rs
+.%A Bruce Schneier
+.%T Applied Cryptography (2nd edition)
+.%I John Wiley \*[Am] Sons, Inc.
+.%O New York, NY
+.\" should be .%C as soon as it's supported.
+.%D 1996
+.Re
+.Rs
+.%A M. Matsui
+.%T Linear Cryptanalysis Method for DES Cipher
+.%R Advances in Cryptology -- Eurocrypt '93 Proceedings
+.%I Springer-Verlag
+.%D 1994
+.Re
+.Rs
+.%A Blaze
+.%A Diffie
+.%A Rivest
+.%A Schneier
+.%A Shimomura
+.%A Thompson
+.%A Wiener
+.%T Minimal Key Lengths for Symmetric Ciphers To Provide Adequate Commercial Security
+.%I Business Software Alliance
+.%U http://www.bsa.org/policy/encryption/cryptographers.html
+.%D January 1996
+.Re
+.Sh BUGS
+When this document was originally written, there was a controversy
+raging over whether the DES would still be secure in a few years.
+There is now near-universal consensus in the cryptographic community
+that the key length of the DES is far too short.
+The advent of
+special-purpose hardware could reduce the cost of any of the methods
+of attack named above so that they are no longer computationally
+infeasible; in addition, the explosive growth in the number and speed
+of modern microprocessors as well as advances in programmable logic
+devices has brought an attack using only commodity hardware into the
+realm of possibility.
+Schneier and others currently recommend using
+cryptosystems with keys of at least 90 bits when long-term security is
+needed.
+.Pp
+As the key or key schedule is stored in memory, the encryption can be
+compromised if memory is readable.
+Additionally, programs which display programs' arguments may compromise the
+key and initialization vector, if they are specified on the command line.
+To avoid this
+.Nm
+overwrites its arguments, however, the obvious race cannot currently be
+avoided.
+.Pp
+Certain specific keys should be avoided because they introduce potential
+weaknesses; these keys, called the
+.Em weak
+and
+.Em semiweak
+keys, are (in hex notation, where p is either 0 or 1, and P is either
+e or f):
+.Bd -literal -offset indent
+0x0p0p0p0p0p0p0p0p	0x0p1P0p1P0p0P0p0P
+0x0pep0pep0pfp0pfp	0x0pfP0pfP0pfP0pfP
+0x1P0p1P0p0P0p0P0p	0x1P1P1P1P0P0P0P0P
+0x1Pep1Pep0Pfp0Pfp	0x1PfP1PfP0PfP0PfP
+0xep0pep0pfp0pfp0p	0xep1Pep1pfp0Pfp0P
+0xepepepepepepepep	0xepfPepfPfpfPfpfP
+0xfP0pfP0pfP0pfP0p	0xfP1PfP1PfP0PfP0P
+0xfPepfPepfPepfPep	0xfPfPfPfPfPfPfPfP
+.Ed
+.Pp
+This is inherent in the DES algorithm (see Moore and Simmons,
+.Do
+Cycle structure of the DES with weak and semi-weak keys
+.Dc ,
+.Em "Advances in Cryptology \- Crypto '86 Proceedings" ,
+Springer-Verlag New York, \(co1987, pp. 9-32.)