gnu.javax.crypto.cipher
Class Cast5
- Cloneable, IBlockCipher, gnu.javax.crypto.cipher.IBlockCipherSpi
An implmenetation of the
CAST5 (a.k.a. CAST-128) algorithm,
as per
RFC-2144, dated May 1997.
In this RFC,
Carlisle Adams (the CA in CAST, ST stands for
Stafford Tavares) describes CAST5 as:
"...a DES-like Substitution-Permutation Network (SPN) cryptosystem which
appears to have good resistance to differential cryptanalysis, linear
cryptanalysis, and related-key cryptanalysis. This cipher also possesses
a number of other desirable cryptographic properties, including avalanche,
Strict Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no
complementation property, and an absence of weak and semi-weak keys."
CAST5 is a symmetric block cipher with a block-size of 8
bytes and a variable key-size of up to 128 bits. Its authors, and their
employer (Entrust Technologies, a Nortel majority-owned company), made it
available worldwide on a royalty-free basis for commercial and non-commercial
uses.
The
CAST5 encryption algorithm has been designed to allow a
key size that can vary from
40 bits to
128 bits,
in 8-bit increments (that is, the allowable key sizes are
40, 48, 56,
64, ..., 112, 120, and
128 bits. For variable keysize
operation, the specification is as follows:
- For key sizes up to and including
80 bits (i.e.,
40, 48, 56, 64, 72, and 80 bits), the algorithm
is exactly as specified but uses 12 rounds instead of
16; - For key sizes greater than
80 bits, the algorithm uses
the full 16 rounds; - For key sizes less than
128 bits, the key is padded with
zero bytes (in the rightmost, or least significant, positions) out to
128 bits (since the CAST5 key schedule assumes
an input key of 128 bits).
References:
- The CAST-128 Encryption
Algorithm.
Carlisle Adams.
Cast5()- Trivial 0-arguments constructor.
|
Iterator<E> | blockSizes()- Returns an
Iterator over the supported block sizes.
|
Object | clone()- Returns a clone of this instance.
|
void | decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)- Decrypts exactly one block of ciphertext.
|
void | encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)- The full encryption algorithm is given in the following four steps.
|
Iterator<E> | keySizes()- Returns an
Iterator over the supported key sizes.
|
Object | makeKey(byte[] uk, int bs)- Expands a user-supplied key material into a session key for a designated
block size.
|
boolean | selfTest()- A correctness test that consists of basic symmetric encryption /
decryption test(s) for all supported block and key sizes, as well as one
(1) variable key Known Answer Test (KAT).
|
clone, currentBlockSize, decryptBlock, defaultBlockSize, defaultKeySize, encryptBlock, init, name, reset, selfTest, testKat, testKat |
clone, equals, extends Object> getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait |
Cast5
public Cast5()
Trivial 0-arguments constructor.
decrypt
public void decrypt(byte[] in,
int i,
byte[] out,
int j,
Object k,
int bs) Decrypts exactly one block of ciphertext.
- decrypt in interface gnu.javax.crypto.cipher.IBlockCipherSpi
in - the ciphertext.out - the plaintext.k - the session key to use.bs - the block size to use.
encrypt
public void encrypt(byte[] in,
int i,
byte[] out,
int j,
Object k,
int bs) The full encryption algorithm is given in the following four steps.
INPUT: plaintext m1...m64; key K = k1...k128.
OUTPUT: ciphertext c1...c64.
- (key schedule) Compute 16 pairs of subkeys {Kmi, Kri} from a user
key (see makeKey() method).
- (L0,R0) <-- (m1...m64). (Split the plaintext into left and right
32-bit halves L0 = m1...m32 and R0 = m33...m64.).
- (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
- Li = Ri-1;
- Ri = Li-1 ^ F(Ri-1,Kmi,Kri), where F is defined in method F() --
f is of Type 1, Type 2, or Type 3, depending on i, and ^ being the
bitwise XOR function.
- c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and
concatenate to form the ciphertext.)
Decryption is identical to the encryption algorithm given above, except
that the rounds (and therefore the subkey pairs) are used in reverse order
to compute (L0,R0) from (R16,L16).
Looking at the iterations/rounds in pairs we have:
(1a) Li = Ri-1;
(1b) Ri = Li-1 ^ Fi(Ri-1);
(2a) Li+1 = Ri;
(2b) Ri+1 = Li ^ Fi+1(Ri);
which by substituting (2a) in (2b) becomes
(2c) Ri+1 = Li ^ Fi+1(Li+1);
by substituting (1b) in (2a) and (1a) in (2c), we get:
(3a) Li+1 = Li-1 ^ Fi(Ri-1);
(3b) Ri+1 = Ri-1 ^ Fi+1(Li+1);
Using only one couple of variables L and R, initialised to L0 and R0
respectively, the assignments for each pair of rounds become:
(4a) L ^= Fi(R);
(4b) R ^= Fi+1(L);
- encrypt in interface gnu.javax.crypto.cipher.IBlockCipherSpi
in - contains the plain-text 64-bit block.i - start index within input where data is considered.out - will contain the cipher-text block.j - index in out where cipher-text starts.k - the session key object.bs - the desired block size.
makeKey
public Object makeKey(byte[] uk,
int bs)
throws InvalidKeyException Expands a user-supplied key material into a session key for a designated
block size.
- makeKey in interface gnu.javax.crypto.cipher.IBlockCipherSpi
bs - the desired block size in bytes.
- an Object encapsulating the session key.
selfTest
public boolean selfTest()
A correctness test that consists of basic symmetric encryption /
decryption test(s) for all supported block and key sizes, as well as one
(1) variable key Known Answer Test (KAT).
- selfTest in interface IBlockCipher
- selfTest in interface gnu.javax.crypto.cipher.IBlockCipherSpi
- selfTest in interface BaseCipher
true if the implementation passes simple
correctness tests. Returns false otherwise.
Cast5.java --
Copyright (C) 2003, 2006 Free Software Foundation, Inc.
This file is a part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version.