From a0e9f529a441a3b9c42ca9a18edb15ff14878076 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 14 Nov 1999 03:23:17 +0000 Subject: [PATCH] Add support for the 40 and 64 bit RC2 and RC4 ciphers in 'enc' add documentation for 'enc'. --- CHANGES | 6 +- apps/progs.h | 12 +++ apps/progs.pl | 5 +- doc/man/enc.pod | 190 ++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 210 insertions(+), 3 deletions(-) create mode 100644 doc/man/enc.pod diff --git a/CHANGES b/CHANGES index 2915d2392..dc60f56cc 100644 --- a/CHANGES +++ b/CHANGES @@ -4,13 +4,17 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document + the 'enc' command. + [Steve Henson] + *) Add the possibility to add extra information to the memory leak detecting output, to form tracebacks, showing from where each allocation was originated. Also updated sid code to be multi- thread-safe. [Richard Levitte] - *) Add options -text and -noout to pkcs7 utility and delets the + *) Add options -text and -noout to pkcs7 utility and delete the encryption options which never did anything. Update docs. [Steve Henson] diff --git a/apps/progs.h b/apps/progs.h index 422dcedfb..cf5437da6 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -118,6 +118,12 @@ FUNCTION functions[] = { #ifndef NO_RC4 {FUNC_TYPE_CIPHER,"rc4",enc_main}, #endif +#ifndef NO_RC4 + {FUNC_TYPE_CIPHER,"rc4-64",enc_main}, +#endif +#ifndef NO_RC4 + {FUNC_TYPE_CIPHER,"rc4-40",enc_main}, +#endif #ifndef NO_RC2 {FUNC_TYPE_CIPHER,"rc2",enc_main}, #endif @@ -190,6 +196,12 @@ FUNCTION functions[] = { #ifndef NO_RC2 {FUNC_TYPE_CIPHER,"rc2-ofb",enc_main}, #endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main}, +#endif +#ifndef NO_RC2 + {FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main}, +#endif #ifndef NO_BF {FUNC_TYPE_CIPHER,"bf-cbc",enc_main}, #endif diff --git a/apps/progs.pl b/apps/progs.pl index ffcb8b696..2c4d034e4 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -50,13 +50,14 @@ foreach ("md2","md5","sha","sha1","mdc2","rmd160") foreach ( "base64", - "des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5", + "des", "des3", "desx", "idea", "rc4", "rc4-64", "rc4-40", + "rc2", "bf", "cast", "rc5", "des-ecb", "des-ede", "des-ede3", "des-cbc", "des-ede-cbc","des-ede3-cbc", "des-cfb", "des-ede-cfb","des-ede3-cfb", "des-ofb", "des-ede-ofb","des-ede3-ofb", "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", - "rc2-cbc", "rc2-ecb", "rc2-cfb", "rc2-ofb", + "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc", "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb") diff --git a/doc/man/enc.pod b/doc/man/enc.pod new file mode 100644 index 000000000..53884ed3e --- /dev/null +++ b/doc/man/enc.pod @@ -0,0 +1,190 @@ +=pod +=head1 NAME + +enc - symmetric cipher routines + +=head1 SYNOPSIS + +B +[B<-in filename>] +[B<-out filename>] +[B<-e>] +[B<-d>] +[B<-a>] +[B<-A>] +[B<-k password>] +[B<-kfile filename>] +[B<-K key>] +[B<-iv IV>] +[B<-p>] +[B<-P>] +[B<-bufsize number>] +[B<-debug>] + +=head1 DESCRIPTION + +The symmetric cipher commands allow data to be encrytped or decrypted +using various block and stream ciphers using keys based on passwords +or explicitly provided. Base64 encoding or decoding can also be performed +either by itself or in addition to the encryption or decryption. + +=head1 OPTIONS + +=over 4 + +=item B<-in filename> + +the input filename, standard input by default. + +=item B<-out filename> + +the output filename, standard output by default. + +=item B<-e> + +encrypt the input data: this is the default. + +=item B<-d> + +decrypt the input data. + +=item B<-a> + +base64 process the data. This means that if encryption is taking place +the data is base64 encoded after encryption. If decryption is set then +the input data is base64 decoded before being decrypted. + +=item B<-A> + +if the B<-a> option is set then base64 process the data on one line. + +=item B<-k password> + +the password to derive the key from. + +=item B<-kfile filename> + +read the password to derive the key from the first line of B + +=item B<-K key> + +the actual key to use: this must be represented as a string comprised only +of hex digits. + +=item B<-iv IV> + +the actual IV to use: this must be represented as a string comprised only +of hex digits. + +=item B<-p> + +print out the key and IV used. + +=item B<-P> + +print out the key and IV used then immediately exit: don't do any encryption +or decryption. + +=item B<-bufsize number> + +set the buffer size for I/O + +=item B<-debug> + +debug the BIOs used for I/O. + +=back + +=head1 NOTES + +The program can be called either as B or +B. + +A password will be prompted for to derive the key and IV if necessary. + +All the block ciphers use PKCS#5 padding also known as standard block +padding: this allows a rudimentary integrity or password check to be +performed. However since the chance of random data passing the test is +better than 1 in 256 it isn't a very good test. + +All RC2 ciphers have the same key and effective key length. + +Blowfish and RC5 algorithms use a 128 bit key. + +=head1 SUPPORTED CIPHERS + + base64 Base 64 + + bf-cbc Blowfish in CBC mode + bf Alias for bf-cbc + bf-cfb Blowish in CFB mode + bf-ecb Blowfish in ECB mode + bf-ofb Blowfish in OFB mode + + cast-cbc CAST in CBC mode + cast Alias for cast-cbc + cast5-cbc CAST5 in CBC mode + cast5-cfb CAST5 in CFB mode + cast5-ecb CAST5 in ECB mode + cast5-ofb CAST5 in OFB mode + + des-cbc DES in CBC mode + des Alias for des-cbc + des-cfb DES in CBC mode + des-ofb DES in OFB mode + des-ecb DES in ECB mode + + des-ede-cbc Two key triple DES EDE in CBC mode + des-ede Alias for des-ede + des-ede-cfb Two key triple DES EDE in CFB mode + des-ede-ofb Two key triple DES EDE in OFB mode + + des-ede3-cbc Three key triple DES EDE in CBC mode + des-ede3 Alias for des-ede3-cbc + des3 Alias for des-ede3-cbc + des-ede3-cfb Three key triple DES EDE CFB mode + des-ede3-ofb Three key triple DES EDE in OFB mode + + desx DESX algorithm. + + idea-cbc IDEA algorithm in CBC mode + idea same as idea-cbc + idea-cfb IDEA in CFB mode + idea-ecb IDEA in ECB mode + idea-ofb IDEA in OFB mode + + rc2-cbc 128 bit RC2 in CBC mode + rc2 Alias for rc2-cbc + rc2-cfb 128 bit RC2 in CBC mode + rc2-ecb 128 bit RC2 in CBC mode + rc2-ofb 128 bit RC2 in CBC mode + rc2-64-cbc 64 bit RC2 in CBC mode + rc2-40-cbc 40 bit RC2 in CBC mode + + rc4 128 bit RC4 + rc4-64 64 bit RC4 + rc4-40 40 bit RC4 + + rc5-cbc RC5 cipher in CBC mode + rc5 Alias for rc5-cbc + rc5-cfb RC5 cipher in CBC mode + rc5-ecb RC5 cipher in CBC mode + rc5-ofb RC5 cipher in CBC mode + +=head1 EXAMPLES + +To be added.... + +=head1 BUGS + +The B<-A> option when used with large files doesn't work properly. + +The key derivation algorithm used is compatible with the SSLeay algorithm. It +is not very good: it uses unsalted MD5. There should be an option to allow a +salt or iteration count to be included. + +Like the EVP library the B program only supports a fixed number of +algorithms with certain parameters. So if, for example, you want to use RC2 +with a 76 bit key or RC4 with an 84 bit key you can't use this program. + +=cut