All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.crypto.engines.CAST6Engine Maven / Gradle / Ivy

Go to download

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up. Note: this package includes the NTRU encryption algorithms.

There is a newer version: 1.78.1
Show newest version
package org.bouncycastle.crypto.engines;


/**
 * A class that provides CAST6 key encryption operations,
 * such as encoding data and generating keys.
 *
 * All the algorithms herein are from the Internet RFC
 *
 * RFC2612 - CAST6 (128bit block, 128-256bit key)
 *
 * and implement a simplified cryptography interface.
 */
public final class CAST6Engine extends CAST5Engine
{
    //====================================
    // Useful constants
    //====================================

    protected static final int    ROUNDS = 12;

    protected static final int    BLOCK_SIZE = 16;  // bytes = 128 bits

    /*
     * Put the round and mask keys into an array.
     * Kr0[i] => _Kr[i*4 + 0]
     */
    protected int _Kr[] = new int[ROUNDS*4]; // the rotating round key(s)
    protected int _Km[] = new int[ROUNDS*4]; // the masking round key(s)

    /*
     * Key setup
     */
    protected int _Tr[] = new int[24 * 8];
    protected int _Tm[] = new int[24 * 8];

    private int[] _workingKey = new int[8];

    public CAST6Engine()
    {
    }

    public String getAlgorithmName()
    {
        return "CAST6";
    }

    public void reset()
    {
    }

    public int getBlockSize()
    {
        return BLOCK_SIZE;
    }

    //==================================
    // Private Implementation
    //==================================

    /*
     * Creates the subkeys using the same nomenclature
     * as described in RFC2612.
     *
     * See section 2.4
     */
    protected void setKey(byte[] key)
    {
        int Cm = 0x5a827999;
        int Mm = 0x6ed9eba1;
        int Cr = 19;
        int Mr = 17;

        /* 
         * Determine the key size here, if required
         *
         * if keysize < 256 bytes, pad with 0
         *
         * Typical key sizes => 128, 160, 192, 224, 256
         */
        for (int i=0; i< 24; i++)
        {
            for (int j=0; j< 8; j++)
            {
                _Tm[i*8 + j] = Cm;
                Cm = (Cm + Mm);    // mod 2^32;

                _Tr[i*8 + j] = Cr;
                Cr = (Cr + Mr) & 0x1f;            // mod 32
            }
        }

        byte[] tmpKey = new byte[64];
        int length = key.length;
        System.arraycopy(key, 0, tmpKey, 0, length);

        // now create ABCDEFGH
        for (int i=0; i< 8; i++)
        {
            _workingKey[i] = BytesTo32bits(tmpKey, i*4);
        }

        // Generate the key schedule
        for (int i=0; i< 12; i++)
        {
            // KAPPA <- W2i(KAPPA)
            int i2 = i*2 *8;
            _workingKey[6] ^= F1(_workingKey[7], _Tm[i2  ], _Tr[i2  ]);
            _workingKey[5] ^= F2(_workingKey[6], _Tm[i2+1], _Tr[i2+1]);
            _workingKey[4] ^= F3(_workingKey[5], _Tm[i2+2], _Tr[i2+2]);
            _workingKey[3] ^= F1(_workingKey[4], _Tm[i2+3], _Tr[i2+3]);
            _workingKey[2] ^= F2(_workingKey[3], _Tm[i2+4], _Tr[i2+4]);
            _workingKey[1] ^= F3(_workingKey[2], _Tm[i2+5], _Tr[i2+5]);
            _workingKey[0] ^= F1(_workingKey[1], _Tm[i2+6], _Tr[i2+6]);
            _workingKey[7] ^= F2(_workingKey[0], _Tm[i2+7], _Tr[i2+7]);

            // KAPPA <- W2i+1(KAPPA)
            i2 = (i*2 + 1)*8;
            _workingKey[6] ^= F1(_workingKey[7], _Tm[i2  ], _Tr[i2  ]);
            _workingKey[5] ^= F2(_workingKey[6], _Tm[i2+1], _Tr[i2+1]);
            _workingKey[4] ^= F3(_workingKey[5], _Tm[i2+2], _Tr[i2+2]);
            _workingKey[3] ^= F1(_workingKey[4], _Tm[i2+3], _Tr[i2+3]);
            _workingKey[2] ^= F2(_workingKey[3], _Tm[i2+4], _Tr[i2+4]);
            _workingKey[1] ^= F3(_workingKey[2], _Tm[i2+5], _Tr[i2+5]);
            _workingKey[0] ^= F1(_workingKey[1], _Tm[i2+6], _Tr[i2+6]);
            _workingKey[7] ^= F2(_workingKey[0], _Tm[i2+7], _Tr[i2+7]);

            // Kr_(i) <- KAPPA
            _Kr[i*4    ] = _workingKey[0] & 0x1f;
            _Kr[i*4 + 1] = _workingKey[2] & 0x1f;
            _Kr[i*4 + 2] = _workingKey[4] & 0x1f;
            _Kr[i*4 + 3] = _workingKey[6] & 0x1f;


            // Km_(i) <- KAPPA
            _Km[i*4    ] = _workingKey[7];
            _Km[i*4 + 1] = _workingKey[5];
            _Km[i*4 + 2] = _workingKey[3];
            _Km[i*4 + 3] = _workingKey[1];
        }
        
    }

    /**
     * Encrypt the given input starting at the given offset and place
     * the result in the provided buffer starting at the given offset.
     *
     * @param src        The plaintext buffer
     * @param srcIndex    An offset into src
     * @param dst        The ciphertext buffer
     * @param dstIndex    An offset into dst
     */
    protected int encryptBlock(
        byte[] src, 
        int srcIndex,
        byte[] dst,
        int dstIndex)
    {

        int  result[] = new int[4];

        // process the input block 
        // batch the units up into 4x32 bit chunks and go for it

        int A = BytesTo32bits(src, srcIndex);
        int B = BytesTo32bits(src, srcIndex + 4);
        int C = BytesTo32bits(src, srcIndex + 8);
        int D = BytesTo32bits(src, srcIndex + 12);

        CAST_Encipher(A, B, C, D, result);

        // now stuff them into the destination block
        Bits32ToBytes(result[0], dst, dstIndex);
        Bits32ToBytes(result[1], dst, dstIndex + 4);
        Bits32ToBytes(result[2], dst, dstIndex + 8);
        Bits32ToBytes(result[3], dst, dstIndex + 12);

        return BLOCK_SIZE;
    }

    /**
     * Decrypt the given input starting at the given offset and place
     * the result in the provided buffer starting at the given offset.
     *
     * @param src        The plaintext buffer
     * @param srcIndex    An offset into src
     * @param dst        The ciphertext buffer
     * @param dstIndex    An offset into dst
     */
    protected int decryptBlock(
        byte[] src, 
        int srcIndex,
        byte[] dst,
        int dstIndex)
    {
        int  result[] = new int[4];

        // process the input block
        // batch the units up into 4x32 bit chunks and go for it
        int A = BytesTo32bits(src, srcIndex);
        int B = BytesTo32bits(src, srcIndex + 4);
        int C = BytesTo32bits(src, srcIndex + 8);
        int D = BytesTo32bits(src, srcIndex + 12);

        CAST_Decipher(A, B, C, D, result);

        // now stuff them into the destination block
        Bits32ToBytes(result[0], dst, dstIndex);
        Bits32ToBytes(result[1], dst, dstIndex + 4);
        Bits32ToBytes(result[2], dst, dstIndex + 8);
        Bits32ToBytes(result[3], dst, dstIndex + 12);

        return BLOCK_SIZE;
    }

    /**
     * Does the 12 quad rounds rounds to encrypt the block.
     * 
     * @param A    the 00-31  bits of the plaintext block
     * @param B    the 32-63  bits of the plaintext block
     * @param C    the 64-95  bits of the plaintext block
     * @param D    the 96-127 bits of the plaintext block
     * @param result the resulting ciphertext
     */
    protected final void CAST_Encipher(int A, int B, int C, int D,int result[])
    {
        int x;
        for (int i=0; i< 6; i++)
        {
            x = i*4;
            // BETA <- Qi(BETA)
            C ^= F1(D, _Km[x], _Kr[x]);
            B ^= F2(C, _Km[x + 1], _Kr[x + 1]);
            A ^= F3(B, _Km[x + 2], _Kr[x + 2]);
            D ^= F1(A, _Km[x + 3], _Kr[x + 3]);

        }

        for (int i=6; i<12; i++)
        {
            x = i*4;
            // BETA <- QBARi(BETA)
            D ^= F1(A, _Km[x + 3], _Kr[x + 3]);
            A ^= F3(B, _Km[x + 2], _Kr[x + 2]);
            B ^= F2(C, _Km[x + 1], _Kr[x + 1]);
            C ^= F1(D, _Km[x], _Kr[x]);

        }

        result[0] = A;
        result[1] = B;
        result[2] = C;
        result[3] = D;
    }

    /**
     * Does the 12 quad rounds rounds to decrypt the block.
     * 
     * @param A    the 00-31  bits of the ciphertext block
     * @param B    the 32-63  bits of the ciphertext block
     * @param C    the 64-95  bits of the ciphertext block
     * @param D    the 96-127 bits of the ciphertext block
     * @param result the resulting plaintext
     */
    protected final void CAST_Decipher(int A, int B, int C, int D,int result[])
    {
        int x;
        for (int i=0; i< 6; i++)
        {
            x = (11-i)*4;
            // BETA <- Qi(BETA)
            C ^= F1(D, _Km[x], _Kr[x]);
            B ^= F2(C, _Km[x + 1], _Kr[x + 1]);
            A ^= F3(B, _Km[x + 2], _Kr[x + 2]);
            D ^= F1(A, _Km[x + 3], _Kr[x + 3]);

        }

        for (int i=6; i<12; i++)
        {
            x = (11-i)*4;
            // BETA <- QBARi(BETA)
            D ^= F1(A, _Km[x + 3], _Kr[x + 3]);
            A ^= F3(B, _Km[x + 2], _Kr[x + 2]);
            B ^= F2(C, _Km[x + 1], _Kr[x + 1]);
            C ^= F1(D, _Km[x], _Kr[x]);

        }

        result[0] = A;
        result[1] = B;
        result[2] = C;
        result[3] = D;
    }

}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy