From ee84a5a7fbe491636b245d2fef760c194f74a4d9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 25 Oct 2001 16:55:17 +0000 Subject: [PATCH] Change the DES documentation to reflect the current status. Note that some password reading functions are really part of the UI compatibility library... --- doc/crypto/des.pod | 35 ++----- doc/crypto/ui.pod | 194 +++++++++++++++++++++++++++++++++++++++ doc/crypto/ui_compat.pod | 55 +++++++++++ 3 files changed, 255 insertions(+), 29 deletions(-) create mode 100644 doc/crypto/ui.pod create mode 100644 doc/crypto/ui_compat.pod diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index b64bcecc18..f54bdbbf25 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -9,7 +9,6 @@ DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, -DES_read_password, DES_read_2passwords, DES_read_pw_string, DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption @@ -86,12 +85,6 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int *num); - int DES_read_password(DES_cblock *key, const char *prompt, int verify); - int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, - const char *prompt, int verify); - int DES_read_pw_string(char *buf, int length, const char *prompt, - int verify); - DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, long length, DES_key_schedule *schedule, const_DES_cblock *ivec); @@ -234,24 +227,7 @@ DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as DES_ofb64_encrypt(), using Triple-DES. The following functions are included in the DES library for -compatibility with the MIT Kerberos library. DES_read_pw_string() -is also available under the name EVP_read_pw_string(). - -DES_read_pw_string() writes the string specified by I to -standard output, turns echo off and reads in input string from the -terminal. The string is returned in I, which must have space for -at least I bytes. If I is set, the user is asked for -the password twice and unless the two copies match, an error is -returned. A return code of -1 indicates a system error, 1 failure due -to use interaction, and 0 is success. - -DES_read_password() does the same and converts the password to a DES -key by calling DES_string_to_key(); DES_read_2password() operates in -the same way as DES_read_password() except that it generates two keys -by using the DES_string_to_2key() function. DES_string_to_key() is -available for backward compatibility with the MIT library. New -applications should use a cryptographic hash function. The same -applies for DES_string_to_2key(). +compatibility with the MIT Kerberos library. DES_cbc_cksum() produces an 8 byte checksum based on the input stream (via CBC encryption). The last 4 bytes of the checksum are returned @@ -330,8 +306,9 @@ implemented this way because most people will be using a multiple of 8 and because once you get into pulling bytes input bytes apart things get ugly! -DES_read_pw_string() is the most machine/OS dependent function and -normally generates the most problems when porting this code. +DES_string_to_key() is available for backward compatibility with the +MIT library. New applications should use a cryptographic hash function. +The same applies for DES_string_to_2key(). =head1 CONFORMING TO @@ -357,8 +334,8 @@ already scheduled for removal. des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(), des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(), -des_quad_cksum(), des_random_key(), des_read_password() and -des_string_to_key() are available in the MIT Kerberos library; +des_quad_cksum(), des_random_key() and des_string_to_key() +are available in the MIT Kerberos library; des_check_key_parity(), des_fixup_key_parity() and des_is_weak_key() are available in newer versions of that library. diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod new file mode 100644 index 0000000000..2b3535a746 --- /dev/null +++ b/doc/crypto/ui.pod @@ -0,0 +1,194 @@ +=pod + +=head1 NAME + +UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, +UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, +UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, +UI_add_error_string, UI_dup_error_string, UI_construct_prompt +UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, +UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, +UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface + +=head1 SYNOPSIS + + #include + + typedef struct ui_st UI; + typedef struct ui_method_st UI_METHOD; + + UI *UI_new(void); + UI *UI_new_method(const UI_METHOD *method); + void UI_free(UI *ui); + + int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); + int UI_dup_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); + int UI_add_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, const char *test_buf); + int UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, const char *test_buf); + int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); + int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); + int UI_add_info_string(UI *ui, const char *text); + int UI_dup_info_string(UI *ui, const char *text); + int UI_add_error_string(UI *ui, const char *text); + int UI_dup_error_string(UI *ui, const char *text); + + /* These are the possible flags. They can be or'ed together. */ + #define UI_INPUT_FLAG_ECHO 0x01 + #define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + + char *UI_construct_prompt(UI *ui_method, + const char *object_desc, const char *object_name); + + void *UI_add_user_data(UI *ui, void *user_data); + void *UI_get0_user_data(UI *ui); + + const char *UI_get0_result(UI *ui, int i); + + int UI_process(UI *ui); + + int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); + #define UI_CTRL_PRINT_ERRORS 1 + #define UI_CTRL_IS_REDOABLE 2 + + void UI_set_default_method(const UI_METHOD *meth); + const UI_METHOD *UI_get_default_method(void); + const UI_METHOD *UI_get_method(UI *ui); + const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + + UI_METHOD *UI_OpenSSL(void); + +=head1 DESCRIPTION + +UI stands for User Interface, and is general purpose set of routines to +prompt the user for text-based information. Through user-written methods +(see L), prompting can be done in any way +imaginable, be it plain text prompting, through dialog boxes or from a +cell phone. + +All the functions work through a context of the type UI. This context +contains all the information needed to prompt correctly as well as a +reference to a UI_METHOD, which is an ordered vector of functions that +carry out the actual prompting. + +The first thing to do is to create a UI with UI_new() or UI_new_method(), +then add information to it with the UI_add or UI_dup functions. Also, +user-defined random data can be passed down to the underlying method +through calls to UI_add_user_data. The default UI method doesn't care +about these data, but other methods might. Finally, use UI_process() +to actually perform the prompting and UI_get0_result() to find the result +to the prompt. + +A UI can contain more than one prompt, which are performed in the given +sequence. Each prompt gets an index number which is returned by the +UI_add and UI_dup functions, and has to be used to get the corresponding +result with UI_get0_result(). + +The functions are as follows: + +UI_new() creates a new UI using the default UI method. When done with +this UI, it should be freed using UI_free(). + +UI_new_method() creates a new UI using the given UI method. When done with +this UI, it should be freed using UI_free(). + +UI_OpenSSL() returns the built-in UI method (note: not the default one, +since the default can be changed. See further on). This method is the +most machine/OS dependent part of OpenSSL and normally generates the +most problems when porting. + +UI_free() removes a UI from memory, along with all other pieces of memory +that's connected to it, like duplicated input strings, results and others. + +UI_add_input_string() and UI_add_verify_string() add a prompt to the UI, +as well as flags and a result buffer and the desired minimum and maximum +sizes of the result. The given information is used to prompt for +information, for example a password, and to verify a password (i.e. having +the user enter it twice and check that the same string was entered twice). +UI_add_verify_string() takes and extra argument that should be a pointer +to the result buffer of the input string that it's supposed to verify, or +verification will fail. + +UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered +in a boolean way, with a single character for yes and a different character +for no. A set of characters that can be used to cancel the prompt is given +as well. The prompt itself is really divided in two, one part being the +descriptive text (given through the I argument) and one describing +the possible answers (given through the I argument). + +UI_add_info_string() and UI_add_error_string() add strings that are shown at +the same time as the prompt for extra information or to show an error string. +The difference between the two is only conceptual. With the builtin method, +there's no technical difference between them. Other methods may make a +difference between them, however. + +The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for +UI_add_input_string() and will have the users response be echoed (when +prompting for a password, this flag should obviously not be used, and +UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some +sort will be used (completely depending on the application and the UI +method). + +UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(), +UI_dup_info_string() and UI_dup_error_string() are basically the same +as their UI_add counterparts, except that they make their own copies +of all strings. + +UI_construct_prompt() is a helper function that can be used to create +a prompt from two pieces of information: an description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter I for I:". With the +description "pass phrase" and the file name "foo.key", that becomes +"Enter pass phrase for foo.key:". Other methods may create whatever +string and may include encodings that will be processed by the other +method functions. + +UI_add_user_data() adds a piece of memory for the method to use at any +time. The builtin UI method doesn't care about this info. Note that several +calls to this function doesn't add data, it replaces the previous blob +with the one given as argument. + +UI_get0_user_data() retrieves the data that has last been given to the +UI with UI_add_user_data(). + +UI_get0_result() returns a pointer to the result buffer associated with +the information indexed by I. + +UI_process() goes through the information given so far, does all the printing +and prompting and returns. + +UI_ctrl() adds extra control for the application author. For now, it +understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process() +print the OpenSSL error stack as part of processing the UI, and +UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can +be used again or not. + +UI_set_default_method() changes the default UI method to the one given. + +UI_get_default_method() returns a pointer to the current default UI method. + +UI_get_method() returns the UI method associated with a given UI. + +UI_set_method() changes the UI method associated with a given UI. + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +The UI section was first introduced in OpenSSL 0.9.7. + +=head1 AUTHOR + +Richard Levitte (richard@levitte.org) for the OpenSSL project +(http://www.openssl.org). + +=cut diff --git a/doc/crypto/ui_compat.pod b/doc/crypto/ui_compat.pod new file mode 100644 index 0000000000..ea9c26aa7a --- /dev/null +++ b/doc/crypto/ui_compat.pod @@ -0,0 +1,55 @@ +=pod + +=head1 NAME + +des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw - +Compatibility user interface functions + +=head1 SYNOPSIS + + int des_read_password(DES_cblock *key,const char *prompt,int verify); + int des_read_2passwords(DES_cblock *key1,DES_cblock *key2, + const char *prompt,int verify); + + int des_read_pw_string(char *buf,int length,const char *prompt,int verify); + int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); + +=head1 DESCRIPTION + +The DES library contained a few routines to prompt for passwords. These +aren't necessarely dependent on DES, and have therefore become part of the +UI compatibility library. + +des_read_pw() writes the string specified by I to standard output +turns echo off and reads an input string from the terminal. The string is +returned in I, which must have spac for at least I bytes. +If I is set, the user is asked for the password twice and unless +the two copies match, an error is returned. The second password is stored +in I, which must therefore also be at least I bytes. A return +code of -1 indicates a system error, 1 failure due to use interaction, and +0 is success. All other functions described here use des_read_pw() to do +the work. + +des_read_pw_string() is a variant of des_read_pw() that provides a buffer +for you if I is set. + +des_read_password() calls des_read_pw() and converts the password to a +DES key by calling DES_string_to_key(); des_read_2password() operates in +the same way as des_read_password() except that it generates two keys +by using the DES_string_to_2key() function. + +=head1 NOTES + +des_read_pw_string() is available in the MIT Kerberos library as well, and +is also available under the name EVP_read_pw_string(). + +=head1 SEE ALSO + +L, L + +=head1 AUTHOR + +Richard Levitte (richard@levitte.org) for the OpenSSL project +(http://www.openssl.org). + +=cut -- GitLab