For the latest news and information visit The GNU Crypto project | ||
Prev Class | Next Class | Frames | No Frames | |
Summary: Nested | Field | Method | Constr | Detail: Nested | Field | Method | Constr |
java.lang.Object
gnu.crypto.cipher.BaseCipher
gnu.crypto.cipher.Cast5
public class Cast5
extends BaseCipher
CAST5
(a.k.a. CAST-128) algorithm,
as per RFC-2144, dated May 1997.
In this RFC, Carlisle Adams (the CA in CAST, ST stands for
Stafford Tavares) describes CAST5 as:
"...a DES-like Substitution-Permutation Network (SPN) cryptosystem which appears to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis. This cipher also possesses a number of other desirable cryptographic properties, including avalanche, Strict Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no complementation property, and an absence of weak and semi-weak keys."
CAST5
is a symmetric block cipher with a block-size of 8
bytes and a variable key-size of up to 128 bits. Its authors, and their
employer (Entrust Technologies, a Nortel majority-owned company), made it
available worldwide on a royalty-free basis for commercial and non-commercial
uses.
The CAST5
encryption algorithm has been designed to allow a
key size that can vary from 40
bits to 128
bits,
in 8-bit increments (that is, the allowable key sizes are 40, 48, 56,
64, ..., 112, 120,
and 128
bits. For variable keysize
operation, the specification is as follows:
80
bits (i.e.,
40, 48, 56, 64, 72,
and 80
bits), the algorithm
is exactly as specified but uses 12
rounds instead of
16
;80
bits, the algorithm uses
the full 16
rounds;128
bits, the key is padded with
zero bytes (in the rightmost, or least significant, positions) out to
128
bits (since the CAST5
key schedule assumes
an input key of 128
bits).Field Summary |
Fields inherited from class gnu.crypto.cipher.BaseCipher | |
currentBlockSize , currentKey , defaultBlockSize , defaultKeySize , lock , name |
Fields inherited from interface gnu.crypto.cipher.IBlockCipher | |
CIPHER_BLOCK_SIZE , KEY_MATERIAL |
Constructor Summary | |
|
Method Summary | |
Iterator |
|
Object |
|
void |
|
void |
|
Iterator |
|
Object |
|
boolean |
|
Methods inherited from class gnu.crypto.cipher.BaseCipher | |
clone , currentBlockSize , decryptBlock , defaultBlockSize , defaultKeySize , encryptBlock , init , name , reset , selfTest , testKat , testKat |
public Iterator blockSizes()
Returns anIterator
over the supported block sizes. Each element returned by this object is anInteger
.
- Specified by:
- blockSizes in interface IBlockCipher
- blockSizes in interface IBlockCipherSpi
- Returns:
- an
Iterator
over the supported block sizes.
public Object clone()
Returns a clone of this instance.
- Specified by:
- clone in interface IBlockCipher
- Overrides:
- clone in interface BaseCipher
- Returns:
- a clone copy of this instance.
public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
Decrypts exactly one block of ciphertext.
- Specified by:
- decrypt in interface IBlockCipherSpi
- Parameters:
in
- the ciphertext.out
- the plaintext.k
- the session key to use.bs
- the block size to use.
public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs)
The full encryption algorithm is given in the following four steps.INPUT: plaintext m1...m64; key K = k1...k128. OUTPUT: ciphertext c1...c64.Decryption is identical to the encryption algorithm given above, except that the rounds (and therefore the subkey pairs) are used in reverse order to compute (L0,R0) from (R16,L16). Looking at the iterations/rounds in pairs we have:
- (key schedule) Compute 16 pairs of subkeys {Kmi, Kri} from a user key (see makeKey() method).
- (L0,R0) <-- (m1...m64). (Split the plaintext into left and right 32-bit halves L0 = m1...m32 and R0 = m33...m64.).
- (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
- Li = Ri-1;
- Ri = Li-1 ^ F(Ri-1,Kmi,Kri), where F is defined in method F() -- f is of Type 1, Type 2, or Type 3, depending on i, and ^ being the bitwise XOR function.
- c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and concatenate to form the ciphertext.)
(1a) Li = Ri-1; (1b) Ri = Li-1 ^ Fi(Ri-1); (2a) Li+1 = Ri; (2b) Ri+1 = Li ^ Fi+1(Ri);which by substituting (2a) in (2b) becomes(2c) Ri+1 = Li ^ Fi+1(Li+1);by substituting (1b) in (2a) and (1a) in (2c), we get:(3a) Li+1 = Li-1 ^ Fi(Ri-1); (3b) Ri+1 = Ri-1 ^ Fi+1(Li+1);Using only one couple of variables L and R, initialised to L0 and R0 respectively, the assignments for each pair of rounds become:(4a) L ^= Fi(R); (4b) R ^= Fi+1(L);
- Specified by:
- encrypt in interface IBlockCipherSpi
- Parameters:
in
- contains the plain-text 64-bit block.i
- start index within input where data is considered.out
- will contain the cipher-text block.j
- index in out where cipher-text starts.k
- the session key object.bs
- the desired block size.
public Iterator keySizes()
Returns anIterator
over the supported key sizes. Each element returned by this object is anInteger
.
- Specified by:
- keySizes in interface IBlockCipher
- keySizes in interface IBlockCipherSpi
- Returns:
- an
Iterator
over the supported key sizes.
public Object makeKey(byte[] uk, int bs) throws InvalidKeyException
Expands a user-supplied key material into a session key for a designated block size.
- Specified by:
- makeKey in interface IBlockCipherSpi
- Parameters:
bs
- the desired block size in bytes.
- Returns:
- an Object encapsulating the session key.
public boolean selfTest()
A correctness test that consists of basic symmetric encryption / decryption test(s) for all supported block and key sizes, as well as one (1) variable key Known Answer Test (KAT).
- Specified by:
- selfTest in interface IBlockCipher
- selfTest in interface IBlockCipherSpi
- Overrides:
- selfTest in interface BaseCipher
- Returns:
true
if the implementation passes simple correctness tests. Returnsfalse
otherwise.