Docjar: A Java Source and Docuemnt Enginecom.*    java.*    javax.*    org.*    all    new    plug-in

Quick Search    Search Deep

cryptix.jce.provider.cipher
Class CAST5  view CAST5 download CAST5.java

java.lang.Object
  extended byjavax.crypto.CipherSpi
      extended bycryptix.jce.provider.cipher.BlockCipher
          extended bycryptix.jce.provider.cipher.CAST5

public final class CAST5
extends BlockCipher

CAST5 (a.k.a. CAST-128) in Java, as per RFC 2144.

The author, Carlisle Adams (the CA in CAST, ST standing for Stafford Tavares) describes CAST5 as:

"...a DES-like Substitution-Permutation Network (SPN) cryptosystem which appears to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis. This cipher also possesses a number of other desirable cryptographic properties, including avalanche, Strict Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no complementation property, and an absence of weak and semi-weak keys."

CAST5 is a symmetric block cipher with a block-size of 8 bytes and a variable key-size of up to 128 bits. Its authors and their employer (Entrust Technologies, a Nortel majority-owned company) made it available worldwide on a royalty-free basis for commercial and non-commercial uses.

The CAST5 encryption algorithm has been designed to allow a key size that can vary from 40 bits to 128 bits, in 8-bit increments (that is, the allowable key sizes are 40, 48, 56, 64, ..., 112, 120, and 128 bits. For variable keysize operation, the specification is as follows:

  1. For key sizes up to and including 80 bits (i.e., 40, 48, 56, 64, 72, and 80 bits), the algorithm is exactly as specified but uses 12 rounds instead of 16;
  2. For key sizes greater than 80 bits, the algorithm uses the full 16 rounds;
  3. For key sizes less than 128 bits, the key is padded with zero bytes (in the rightmost, or least significant, positions) out to 128 bits (since the CAST5 key schedule assumes an input key of 128 bits).

References:

Since:
Cryptix 2.2.2
Version:
$Revision: 1.7 $

Field Summary
private static int BLOCK_SIZE
          Various constants
private  boolean decrypt
          We are in decrypt mode
private static int DEFAULT_NOF_ROUNDS
          Various constants
private  int Km0
          Masking session keys.
private  int Km1
          Masking session keys.
private  int Km10
          Masking session keys.
private  int Km11
          Masking session keys.
private  int Km12
          Masking session keys.
private  int Km13
          Masking session keys.
private  int Km14
          Masking session keys.
private  int Km15
          Masking session keys.
private  int Km2
          Masking session keys.
private  int Km3
          Masking session keys.
private  int Km4
          Masking session keys.
private  int Km5
          Masking session keys.
private  int Km6
          Masking session keys.
private  int Km7
          Masking session keys.
private  int Km8
          Masking session keys.
private  int Km9
          Masking session keys.
private  int Kr0
          Rotation session keys.
private  int Kr1
          Rotation session keys.
private  int Kr10
          Rotation session keys.
private  int Kr11
          Rotation session keys.
private  int Kr12
          Rotation session keys.
private  int Kr13
          Rotation session keys.
private  int Kr14
          Rotation session keys.
private  int Kr15
          Rotation session keys.
private  int Kr2
          Rotation session keys.
private  int Kr3
          Rotation session keys.
private  int Kr4
          Rotation session keys.
private  int Kr5
          Rotation session keys.
private  int Kr6
          Rotation session keys.
private  int Kr7
          Rotation session keys.
private  int Kr8
          Rotation session keys.
private  int Kr9
          Rotation session keys.
private static int MAX_NOF_ROUNDS
          Various constants
private static int MIN_NOF_ROUNDS
          Various constants
private  int rounds
          Number of rounds (depends on key length)
private static int[] S0
          8 S-boxes
private static int[] S1
          8 S-boxes
private static int[] S2
          8 S-boxes
private static int[] S3
          8 S-boxes
private static int[] S4
          8 S-boxes
private static int[] S5
          8 S-boxes
private static int[] S6
          8 S-boxes
private static int[] S7
          8 S-boxes
private static int[] S8
          8 S-boxes
private static java.lang.String sS0
          Compressed S-boxes.
private static java.lang.String sS1
          Compressed S-boxes.
private static java.lang.String sS2
          Compressed S-boxes.
private static java.lang.String sS3
          Compressed S-boxes.
private static java.lang.String sS4
          Compressed S-boxes.
private static java.lang.String sS5
          Compressed S-boxes.
private static java.lang.String sS6
          Compressed S-boxes.
private static java.lang.String sS7
          Compressed S-boxes.
private static java.lang.String sS8
          Compressed S-boxes.
 
Fields inherited from class cryptix.jce.provider.cipher.BlockCipher
 
Constructor Summary
CAST5()
           
 
Method Summary
private  void blockDecrypt(byte[] in, int off, byte[] out, int outOff)
          Decrypts a 64-bit block by applying the formulae and sub-keys in reverse order to that of the encryption.
private  void blockEncrypt(byte[] in, int off, byte[] out, int outOff)
          The full encryption algorithm is given in the following four steps.
protected  void coreCrypt(byte[] in, int inOffset, byte[] out, int outOffset)
          Encrypt or decrypt a single data block
protected  void coreInit(java.security.Key key, boolean decrypt)
          Initializes this cipher using the specified key.
private static int[] expand(java.lang.String in)
          Expand a String of compressed S-box data and return an S-box with uncompressed data.
private  int f1(int I, int m, int r)
           
private  int f2(int I, int m, int r)
           
private  int f3(int I, int m, int r)
           
private  void makeKey(java.security.Key key)
          Expands a user key to a working CAST5 128-bit key --by padding it with 0x00 if it's shorter than 16 bytes-- and generates the masking and rotation keypairs for the block cipher.
private static int[] unscramble(int x)
          Assuming the input is a 32-bit block organised as: b31b30b29...b0, returns an array of 4 Java ints, containing from position 0 onward the values: {b31b30b29b28, b27b26b25b24, ...
 
Methods inherited from class cryptix.jce.provider.cipher.BlockCipher
clone, coreGetBlockSize, engineDoFinal, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetKeySize, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUpdate, engineUpdate
 
Methods inherited from class javax.crypto.CipherSpi
engineDoFinal, engineUnwrap, engineUpdate, engineWrap
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

MIN_NOF_ROUNDS

private static final int MIN_NOF_ROUNDS
Various constants

See Also:
Constant Field Values

MAX_NOF_ROUNDS

private static final int MAX_NOF_ROUNDS
Various constants

See Also:
Constant Field Values

BLOCK_SIZE

private static final int BLOCK_SIZE
Various constants

See Also:
Constant Field Values

DEFAULT_NOF_ROUNDS

private static final int DEFAULT_NOF_ROUNDS
Various constants

See Also:
Constant Field Values

sS0

private static java.lang.String sS0
Compressed S-boxes. Compiled size from 33K to 21K. See Blowfish.java for more info.


sS1

private static java.lang.String sS1
Compressed S-boxes. Compiled size from 33K to 21K. See Blowfish.java for more info.


sS2

private static java.lang.String sS2
Compressed S-boxes. Compiled size from 33K to 21K. See Blowfish.java for more info.


sS3

private static java.lang.String sS3
Compressed S-boxes. Compiled size from 33K to 21K. See Blowfish.java for more info.


sS4

private static java.lang.String sS4
Compressed S-boxes. Compiled size from 33K to 21K. See Blowfish.java for more info.


sS5

private static java.lang.String sS5
Compressed S-boxes. Compiled size from 33K to 21K. See Blowfish.java for more info.


sS6

private static java.lang.String sS6
Compressed S-boxes. Compiled size from 33K to 21K. See Blowfish.java for more info.


sS7

private static java.lang.String sS7
Compressed S-boxes. Compiled size from 33K to 21K. See Blowfish.java for more info.


sS8

private static java.lang.String sS8
Compressed S-boxes. Compiled size from 33K to 21K. See Blowfish.java for more info.


S0

private static final int[] S0
8 S-boxes


S1

private static final int[] S1
8 S-boxes


S2

private static final int[] S2
8 S-boxes


S3

private static final int[] S3
8 S-boxes


S4

private static final int[] S4
8 S-boxes


S5

private static final int[] S5
8 S-boxes


S6

private static final int[] S6
8 S-boxes


S7

private static final int[] S7
8 S-boxes


S8

private static final int[] S8
8 S-boxes


decrypt

private boolean decrypt
We are in decrypt mode


rounds

private int rounds
Number of rounds (depends on key length)


Km0

private int Km0
Masking session keys.


Km1

private int Km1
Masking session keys.


Km2

private int Km2
Masking session keys.


Km3

private int Km3
Masking session keys.


Km4

private int Km4
Masking session keys.


Km5

private int Km5
Masking session keys.


Km6

private int Km6
Masking session keys.


Km7

private int Km7
Masking session keys.


Km8

private int Km8
Masking session keys.


Km9

private int Km9
Masking session keys.


Km10

private int Km10
Masking session keys.


Km11

private int Km11
Masking session keys.


Km12

private int Km12
Masking session keys.


Km13

private int Km13
Masking session keys.


Km14

private int Km14
Masking session keys.


Km15

private int Km15
Masking session keys.


Kr0

private int Kr0
Rotation session keys.


Kr1

private int Kr1
Rotation session keys.


Kr2

private int Kr2
Rotation session keys.


Kr3

private int Kr3
Rotation session keys.


Kr4

private int Kr4
Rotation session keys.


Kr5

private int Kr5
Rotation session keys.


Kr6

private int Kr6
Rotation session keys.


Kr7

private int Kr7
Rotation session keys.


Kr8

private int Kr8
Rotation session keys.


Kr9

private int Kr9
Rotation session keys.


Kr10

private int Kr10
Rotation session keys.


Kr11

private int Kr11
Rotation session keys.


Kr12

private int Kr12
Rotation session keys.


Kr13

private int Kr13
Rotation session keys.


Kr14

private int Kr14
Rotation session keys.


Kr15

private int Kr15
Rotation session keys.

Constructor Detail

CAST5

public CAST5()
Method Detail

expand

private static int[] expand(java.lang.String in)
Expand a String of compressed S-box data and return an S-box with uncompressed data.


coreInit

protected void coreInit(java.security.Key key,
                        boolean decrypt)
                 throws java.security.InvalidKeyException
Initializes this cipher using the specified key.

Specified by:
coreInit in class BlockCipher

coreCrypt

protected void coreCrypt(byte[] in,
                         int inOffset,
                         byte[] out,
                         int outOffset)
Encrypt or decrypt a single data block

Specified by:
coreCrypt in class BlockCipher

makeKey

private void makeKey(java.security.Key key)
              throws java.security.InvalidKeyException
Expands a user key to a working CAST5 128-bit key --by padding it with 0x00 if it's shorter than 16 bytes-- and generates the masking and rotation keypairs for the block cipher.


unscramble

private static final int[] unscramble(int x)
Assuming the input is a 32-bit block organised as: b31b30b29...b0, returns an array of 4 Java ints, containing from position 0 onward the values: {b31b30b29b28, b27b26b25b24, ... , b3b2b1b0}.


blockEncrypt

private void blockEncrypt(byte[] in,
                          int off,
                          byte[] out,
                          int outOff)
The full encryption algorithm is given in the following four steps.

INPUT: plaintext m1...m64; key K = k1...k128.
OUTPUT: ciphertext c1...c64.

  1. (key schedule) Compute 16 pairs of subkeys {Kmi, Kri} from a user key (see makeKey() method).
  2. (L0,R0) <-- (m1...m64). (Split the plaintext into left and right 32-bit halves L0 = m1...m32 and R0 = m33...m64.).
  3. (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
    • Li = Ri-1;
    • Ri = Li-1 ^ F(Ri-1,Kmi,Kri), where F is defined in method F() --f is of Type 1, Type 2, or Type 3, depending on i, and ^ being the bitwise XOR function.
  4. c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and concatenate to form the ciphertext.)

Decryption is identical to the encryption algorithm given above, except that the rounds (and therefore the subkey pairs) are used in reverse order to compute (L0,R0) from (R16,L16).

Looking at the iterations/rounds in pairs we have:

 (1a)    Li = Ri-1;
 (1b)    Ri = Li-1 ^ Fi(Ri-1);
 (2a)    Li+1 = Ri;
 (2b)    Ri+1 = Li ^ Fi+1(Ri);
 
which by substituting (2a) in (2b) becomes
 (2c)    Ri+1 = Li ^ Fi+1(Li+1);
 
by substituting (1b) in (2a) and (1a) in (2c), we get:
 (3a)    Li+1 = Li-1 ^ Fi(Ri-1);
 (3b)    Ri+1 = Ri-1 ^ Fi+1(Li+1);
 
Using only one couple of variables L and R, initialised to L0 and R0 respectively, the assignments for each pair of rounds become:
 (4a)    L ^= Fi(R);
 (4b)    R ^= Fi+1(L);
 


blockDecrypt

private void blockDecrypt(byte[] in,
                          int off,
                          byte[] out,
                          int outOff)
Decrypts a 64-bit block by applying the formulae and sub-keys in reverse order to that of the encryption.


f1

private final int f1(int I,
                     int m,
                     int r)

f2

private final int f2(int I,
                     int m,
                     int r)

f3

private final int f3(int I,
                     int m,
                     int r)