|
|||||||||
| Home >> All >> cryptix >> jce >> provider >> [ cipher overview ] | PREV CLASS NEXT CLASS | ||||||||
SUMMARY:  JAVADOC |  SOURCE |  DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||
cryptix.jce.provider.cipher
Class CAST5
java.lang.Objectjavax.crypto.CipherSpi
- public final class CAST5
- extends BlockCipher
CAST5 (a.k.a. CAST-128) in Java, as per RFC 2144.
The author, Carlisle Adams (the CA in CAST, ST standing for Stafford Tavares) describes CAST5 as:
"...a DES-like Substitution-Permutation Network (SPN) cryptosystem which appears to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis. This cipher also possesses a number of other desirable cryptographic properties, including avalanche, Strict Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no complementation property, and an absence of weak and semi-weak keys."
CAST5 is a symmetric block cipher with a block-size of 8 bytes and a variable key-size of up to 128 bits. Its authors and their employer (Entrust Technologies, a Nortel majority-owned company) made it available worldwide on a royalty-free basis for commercial and non-commercial uses.
The CAST5 encryption algorithm has been designed to allow a key size that can vary from 40 bits to 128 bits, in 8-bit increments (that is, the allowable key sizes are 40, 48, 56, 64, ..., 112, 120, and 128 bits. For variable keysize operation, the specification is as follows:
- For key sizes up to and including 80 bits (i.e., 40, 48, 56, 64, 72, and 80 bits), the algorithm is exactly as specified but uses 12 rounds instead of 16;
- For key sizes greater than 80 bits, the algorithm uses the full 16 rounds;
- For key sizes less than 128 bits, the key is padded with zero bytes (in the rightmost, or least significant, positions) out to 128 bits (since the CAST5 key schedule assumes an input key of 128 bits).
References:
- Carlisle Adams, RFC 2144, May 1997.
- Since:
- Cryptix 2.2.2
- Version:
- $Revision: 1.7 $
| Field Summary | |
private static int |
BLOCK_SIZE
Various constants |
private boolean |
decrypt
We are in decrypt mode |
private static int |
DEFAULT_NOF_ROUNDS
Various constants |
private int |
Km0
Masking session keys. |
private int |
Km1
Masking session keys. |
private int |
Km10
Masking session keys. |
private int |
Km11
Masking session keys. |
private int |
Km12
Masking session keys. |
private int |
Km13
Masking session keys. |
private int |
Km14
Masking session keys. |
private int |
Km15
Masking session keys. |
private int |
Km2
Masking session keys. |
private int |
Km3
Masking session keys. |
private int |
Km4
Masking session keys. |
private int |
Km5
Masking session keys. |
private int |
Km6
Masking session keys. |
private int |
Km7
Masking session keys. |
private int |
Km8
Masking session keys. |
private int |
Km9
Masking session keys. |
private int |
Kr0
Rotation session keys. |
private int |
Kr1
Rotation session keys. |
private int |
Kr10
Rotation session keys. |
private int |
Kr11
Rotation session keys. |
private int |
Kr12
Rotation session keys. |
private int |
Kr13
Rotation session keys. |
private int |
Kr14
Rotation session keys. |
private int |
Kr15
Rotation session keys. |
private int |
Kr2
Rotation session keys. |
private int |
Kr3
Rotation session keys. |
private int |
Kr4
Rotation session keys. |
private int |
Kr5
Rotation session keys. |
private int |
Kr6
Rotation session keys. |
private int |
Kr7
Rotation session keys. |
private int |
Kr8
Rotation session keys. |
private int |
Kr9
Rotation session keys. |
private static int |
MAX_NOF_ROUNDS
Various constants |
private static int |
MIN_NOF_ROUNDS
Various constants |
private int |
rounds
Number of rounds (depends on key length) |
private static int[] |
S0
8 S-boxes |
private static int[] |
S1
8 S-boxes |
private static int[] |
S2
8 S-boxes |
private static int[] |
S3
8 S-boxes |
private static int[] |
S4
8 S-boxes |
private static int[] |
S5
8 S-boxes |
private static int[] |
S6
8 S-boxes |
private static int[] |
S7
8 S-boxes |
private static int[] |
S8
8 S-boxes |
private static java.lang.String |
sS0
Compressed S-boxes. |
private static java.lang.String |
sS1
Compressed S-boxes. |
private static java.lang.String |
sS2
Compressed S-boxes. |
private static java.lang.String |
sS3
Compressed S-boxes. |
private static java.lang.String |
sS4
Compressed S-boxes. |
private static java.lang.String |
sS5
Compressed S-boxes. |
private static java.lang.String |
sS6
Compressed S-boxes. |
private static java.lang.String |
sS7
Compressed S-boxes. |
private static java.lang.String |
sS8
Compressed S-boxes. |
| Fields inherited from class cryptix.jce.provider.cipher.BlockCipher |
|
| Constructor Summary | |
CAST5()
|
|
| Method Summary | |
private void |
blockDecrypt(byte[] in,
int off,
byte[] out,
int outOff)
Decrypts a 64-bit block by applying the formulae and sub-keys in reverse order to that of the encryption. |
private void |
blockEncrypt(byte[] in,
int off,
byte[] out,
int outOff)
The full encryption algorithm is given in the following four steps. |
protected void |
coreCrypt(byte[] in,
int inOffset,
byte[] out,
int outOffset)
Encrypt or decrypt a single data block |
protected void |
coreInit(java.security.Key key,
boolean decrypt)
Initializes this cipher using the specified key. |
private static int[] |
expand(java.lang.String in)
Expand a String of compressed S-box data and return an S-box with uncompressed data. |
private int |
f1(int I,
int m,
int r)
|
private int |
f2(int I,
int m,
int r)
|
private int |
f3(int I,
int m,
int r)
|
private void |
makeKey(java.security.Key key)
Expands a user key to a working CAST5 128-bit key --by padding it with 0x00 if it's shorter than 16 bytes-- and generates the masking and rotation keypairs for the block cipher. |
private static int[] |
unscramble(int x)
Assuming the input is a 32-bit block organised as: b31b30b29...b0, returns an array of 4 Java ints, containing from position 0 onward the values: {b31b30b29b28, b27b26b25b24, ... |
| Methods inherited from class cryptix.jce.provider.cipher.BlockCipher |
clone, coreGetBlockSize, engineDoFinal, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetKeySize, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUpdate, engineUpdate |
| Methods inherited from class javax.crypto.CipherSpi |
engineDoFinal, engineUnwrap, engineUpdate, engineWrap |
| Methods inherited from class java.lang.Object |
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
MIN_NOF_ROUNDS
private static final int MIN_NOF_ROUNDS
- Various constants
- See Also:
- Constant Field Values
MAX_NOF_ROUNDS
private static final int MAX_NOF_ROUNDS
- Various constants
- See Also:
- Constant Field Values
BLOCK_SIZE
private static final int BLOCK_SIZE
- Various constants
- See Also:
- Constant Field Values
DEFAULT_NOF_ROUNDS
private static final int DEFAULT_NOF_ROUNDS
- Various constants
- See Also:
- Constant Field Values
sS0
private static java.lang.String sS0
- Compressed S-boxes.
Compiled size from 33K to 21K. See Blowfish.java for more info.
sS1
private static java.lang.String sS1
- Compressed S-boxes.
Compiled size from 33K to 21K. See Blowfish.java for more info.
sS2
private static java.lang.String sS2
- Compressed S-boxes.
Compiled size from 33K to 21K. See Blowfish.java for more info.
sS3
private static java.lang.String sS3
- Compressed S-boxes.
Compiled size from 33K to 21K. See Blowfish.java for more info.
sS4
private static java.lang.String sS4
- Compressed S-boxes.
Compiled size from 33K to 21K. See Blowfish.java for more info.
sS5
private static java.lang.String sS5
- Compressed S-boxes.
Compiled size from 33K to 21K. See Blowfish.java for more info.
sS6
private static java.lang.String sS6
- Compressed S-boxes.
Compiled size from 33K to 21K. See Blowfish.java for more info.
sS7
private static java.lang.String sS7
- Compressed S-boxes.
Compiled size from 33K to 21K. See Blowfish.java for more info.
sS8
private static java.lang.String sS8
- Compressed S-boxes.
Compiled size from 33K to 21K. See Blowfish.java for more info.
S0
private static final int[] S0
- 8 S-boxes
S1
private static final int[] S1
- 8 S-boxes
S2
private static final int[] S2
- 8 S-boxes
S3
private static final int[] S3
- 8 S-boxes
S4
private static final int[] S4
- 8 S-boxes
S5
private static final int[] S5
- 8 S-boxes
S6
private static final int[] S6
- 8 S-boxes
S7
private static final int[] S7
- 8 S-boxes
S8
private static final int[] S8
- 8 S-boxes
decrypt
private boolean decrypt
- We are in decrypt mode
rounds
private int rounds
- Number of rounds (depends on key length)
Km0
private int Km0
- Masking session keys.
Km1
private int Km1
- Masking session keys.
Km2
private int Km2
- Masking session keys.
Km3
private int Km3
- Masking session keys.
Km4
private int Km4
- Masking session keys.
Km5
private int Km5
- Masking session keys.
Km6
private int Km6
- Masking session keys.
Km7
private int Km7
- Masking session keys.
Km8
private int Km8
- Masking session keys.
Km9
private int Km9
- Masking session keys.
Km10
private int Km10
- Masking session keys.
Km11
private int Km11
- Masking session keys.
Km12
private int Km12
- Masking session keys.
Km13
private int Km13
- Masking session keys.
Km14
private int Km14
- Masking session keys.
Km15
private int Km15
- Masking session keys.
Kr0
private int Kr0
- Rotation session keys.
Kr1
private int Kr1
- Rotation session keys.
Kr2
private int Kr2
- Rotation session keys.
Kr3
private int Kr3
- Rotation session keys.
Kr4
private int Kr4
- Rotation session keys.
Kr5
private int Kr5
- Rotation session keys.
Kr6
private int Kr6
- Rotation session keys.
Kr7
private int Kr7
- Rotation session keys.
Kr8
private int Kr8
- Rotation session keys.
Kr9
private int Kr9
- Rotation session keys.
Kr10
private int Kr10
- Rotation session keys.
Kr11
private int Kr11
- Rotation session keys.
Kr12
private int Kr12
- Rotation session keys.
Kr13
private int Kr13
- Rotation session keys.
Kr14
private int Kr14
- Rotation session keys.
Kr15
private int Kr15
- Rotation session keys.
| Constructor Detail |
CAST5
public CAST5()
| Method Detail |
expand
private static int[] expand(java.lang.String in)
- Expand a String of compressed S-box data and return an
S-box with uncompressed data.
coreInit
protected void coreInit(java.security.Key key, boolean decrypt) throws java.security.InvalidKeyException
- Initializes this cipher using the specified key.
- Specified by:
coreInitin classBlockCipher
coreCrypt
protected void coreCrypt(byte[] in,
int inOffset,
byte[] out,
int outOffset)
- Encrypt or decrypt a single data block
- Specified by:
coreCryptin classBlockCipher
makeKey
private void makeKey(java.security.Key key) throws java.security.InvalidKeyException
- Expands a user key to a working CAST5 128-bit key --by
padding it with 0x00 if it's shorter than 16 bytes--
and generates the masking and rotation keypairs for
the block cipher.
unscramble
private static final int[] unscramble(int x)
- Assuming the input is a 32-bit block organised as: b31b30b29...b0,
returns an array of 4 Java ints, containing from position 0 onward
the values: {b31b30b29b28, b27b26b25b24, ... , b3b2b1b0}.
blockEncrypt
private void blockEncrypt(byte[] in,
int off,
byte[] out,
int outOff)
- The full encryption algorithm is given in the following four steps.
INPUT: plaintext m1...m64; key K = k1...k128.
OUTPUT: ciphertext c1...c64.- (key schedule) Compute 16 pairs of subkeys {Kmi, Kri} from a user key (see makeKey() method).
- (L0,R0) <-- (m1...m64). (Split the plaintext into left and right 32-bit halves L0 = m1...m32 and R0 = m33...m64.).
- (16 rounds) for i from 1 to 16, compute Li and Ri as
follows:
- Li = Ri-1;
- Ri = Li-1 ^ F(Ri-1,Kmi,Kri), where F is defined in method F() --f is of Type 1, Type 2, or Type 3, depending on i, and ^ being the bitwise XOR function.
- c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and concatenate to form the ciphertext.)
Decryption is identical to the encryption algorithm given above, except that the rounds (and therefore the subkey pairs) are used in reverse order to compute (L0,R0) from (R16,L16).
Looking at the iterations/rounds in pairs we have:
(1a) Li = Ri-1; (1b) Ri = Li-1 ^ Fi(Ri-1); (2a) Li+1 = Ri; (2b) Ri+1 = Li ^ Fi+1(Ri);
which by substituting (2a) in (2b) becomes(2c) Ri+1 = Li ^ Fi+1(Li+1);
by substituting (1b) in (2a) and (1a) in (2c), we get:(3a) Li+1 = Li-1 ^ Fi(Ri-1); (3b) Ri+1 = Ri-1 ^ Fi+1(Li+1);
Using only one couple of variables L and R, initialised to L0 and R0 respectively, the assignments for each pair of rounds become:(4a) L ^= Fi(R); (4b) R ^= Fi+1(L);
blockDecrypt
private void blockDecrypt(byte[] in,
int off,
byte[] out,
int outOff)
- Decrypts a 64-bit block by applying the formulae and sub-keys
in reverse order to that of the encryption.
f1
private final int f1(int I,
int m,
int r)
f2
private final int f2(int I,
int m,
int r)
f3
private final int f3(int I,
int m,
int r)
|
|||||||||
| Home >> All >> cryptix >> jce >> provider >> [ cipher overview ] | PREV CLASS NEXT CLASS | ||||||||
|
SUMMARY: JAVADOC | SOURCE | DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||