public class Cast5 extends BaseCipher
An implmenetation of the CAST5 (a.k.a. CAST-128) algorithm,
as per RFC-2144, dated May 1997.
In this RFC, Carlisle Adams (the CA in CAST, ST stands for Stafford Tavares) describes CAST5 as:
"...a DES-like Substitution-Permutation Network (SPN) cryptosystem which appears to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis. This cipher also possesses a number of other desirable cryptographic properties, including avalanche, Strict Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no complementation property, and an absence of weak and semi-weak keys."
CAST5 is a symmetric block cipher with a block-size of 8
bytes and a variable key-size of up to 128 bits. Its authors, and their
employer (Entrust Technologies, a Nortel majority-owned company), made it
available worldwide on a royalty-free basis for commercial and non-commercial
uses.
The CAST5 encryption algorithm has been designed to allow a
key size that can vary from 40 bits to 128 bits,
in 8-bit increments (that is, the allowable key sizes are 40, 48, 56,
64, ..., 112, 120, and 128 bits. For variable keysize
operation, the specification is as follows:
80 bits (i.e.,
40, 48, 56, 64, 72, and 80 bits), the algorithm
is exactly as specified but uses 12 rounds instead of
16;80 bits, the algorithm uses
the full 16 rounds;128 bits, the key is padded with
zero bytes (in the rightmost, or least significant, positions) out to
128 bits (since the CAST5 key schedule assumes
an input key of 128 bits).References:
currentBlockSize, currentKey, defaultBlockSize, defaultKeySize, lock, nameCIPHER_BLOCK_SIZE, KEY_MATERIAL| Constructor and Description |
|---|
Cast5()
Trivial 0-arguments constructor.
|
| Modifier and Type | Method and Description |
|---|---|
java.util.Iterator |
blockSizes()
Returns an
Iterator over the supported block sizes. |
java.lang.Object |
clone()
Returns a clone of this instance.
|
void |
decrypt(byte[] in,
int i,
byte[] out,
int j,
java.lang.Object k,
int bs) |
void |
encrypt(byte[] in,
int i,
byte[] out,
int j,
java.lang.Object k,
int bs)
The full encryption algorithm is given in the following four steps.
|
java.util.Iterator |
keySizes()
Returns an
Iterator over the supported key sizes. |
java.lang.Object |
makeKey(byte[] uk,
int bs) |
boolean |
selfTest()
A correctness test that consists of basic symmetric encryption /
decryption test(s) for all supported block and key sizes, as well as one
(1) variable key Known Answer Test (KAT).
|
currentBlockSize, decryptBlock, defaultBlockSize, defaultKeySize, encryptBlock, init, name, reset, testKat, testKatpublic java.lang.Object clone()
IBlockCipherReturns a clone of this instance.
clone in interface IBlockCipherclone in class BaseCipherpublic java.util.Iterator blockSizes()
IBlockCipherReturns an Iterator over the supported block sizes. Each
element returned by this object is an Integer.
Iterator over the supported block sizes.public java.util.Iterator keySizes()
IBlockCipherReturns an Iterator over the supported key sizes. Each element
returned by this object is an Integer.
Iterator over the supported key sizes.public java.lang.Object makeKey(byte[] uk,
int bs)
throws java.security.InvalidKeyException
java.security.InvalidKeyExceptionpublic void encrypt(byte[] in,
int i,
byte[] out,
int j,
java.lang.Object k,
int bs)
The full encryption algorithm is given in the following four steps.
INPUT: plaintext m1...m64; key K = k1...k128.
OUTPUT: ciphertext c1...c64.
Decryption is identical to the encryption algorithm given above, except that the rounds (and therefore the subkey pairs) are used in reverse order to compute (L0,R0) from (R16,L16).
Looking at the iterations/rounds in pairs we have:
(1a) Li = Ri-1;
(1b) Ri = Li-1 ^ Fi(Ri-1);
(2a) Li+1 = Ri;
(2b) Ri+1 = Li ^ Fi+1(Ri);
which by substituting (2a) in (2b) becomes
(2c) Ri+1 = Li ^ Fi+1(Li+1);
by substituting (1b) in (2a) and (1a) in (2c), we get:
(3a) Li+1 = Li-1 ^ Fi(Ri-1);
(3b) Ri+1 = Ri-1 ^ Fi+1(Li+1);
Using only one couple of variables L and R, initialised to L0 and R0
respectively, the assignments for each pair of rounds become:
(4a) L ^= Fi(R);
(4b) R ^= Fi+1(L);
in - contains the plain-text 64-bit block.i - start index within input where data is considered.out - will contain the cipher-text block.j - index in out where cipher-text starts.k - the session key object.bs - the desired block size.public void decrypt(byte[] in,
int i,
byte[] out,
int j,
java.lang.Object k,
int bs)
public boolean selfTest()
IBlockCipherA correctness test that consists of basic symmetric encryption / decryption test(s) for all supported block and key sizes, as well as one (1) variable key Known Answer Test (KAT).
selfTest in interface IBlockCipherselfTest in class BaseCiphertrue if the implementation passes simple
correctness tests. Returns false otherwise.Copyright © 2025. All rights reserved.