rfc2144.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.


RFC 2144             CAST-128 Encryption Algorithms             May 1997


2.5. Variable Keysize

   The CAST-128 encryption algorithm has been designed to allow a key
   size that can vary from 40 bits to 128 bits, in 8-bit increments
   (that is, the allowable key sizes are 40, 48, 56, 64, ..., 112, 120,
   and 128 bits.  For variable keysize operation, the specification is
   as follows:

   1) For key sizes up to and including 80 bits (i.e., 40, 48, 56, 64,
      72, and 80 bits), the algorithm is exactly as specified but uses
      12 rounds instead of 16;

   2) For key sizes greater than 80 bits, the algorithm uses the full 16
      rounds;

   3) For key sizes less than 128 bits, the key is padded with zero
      bytes (in the rightmost, or least significant, positions) out to
      128 bits (since the CAST-128 key schedule assumes an input key of
      128 bits).

   Note that although CAST-128 can support all 12 key sizes listed
   above, 40 bits, 64 bits, 80 bits, and 128 bits are the sizes that
   find utility in typical environments.  Therefore, it will likely be
   sufficient for most implementations to support some subset of only
   these four sizes.

   In order to avoid confusion when variable keysize operation is used,
   the name CAST-128 is to be considered synonymous with the name CAST5;
   this allows a keysize to be appended without ambiguity.  Thus, for
   example, CAST-128 with a 40-bit key is to be referred to as CAST5-40;
   where a 128-bit key is explicitly intended, the name CAST5-128 should
   be used.

2.6. CAST5 Object Identifiers

   For those who may be using CAST in algorithm negotiation within a
   protocol, or in any other context which may require the use of OBJECT
   IDENTIFIERs, the following OIDs have been defined.

algorithms OBJECT IDENTIFIER ::=
   { iso(1) memberBody(2) usa(840) nt(113533) nsn(7) algorithms(66) }










Adams                        Informational                      [Page 6]

RFC 2144             CAST-128 Encryption Algorithms             May 1997


cast5CBC OBJECT IDENTIFIER ::= { algorithms cast5CBC(10) }

    Parameters ::= SEQUENCE {
        iv         OCTET STRING DEFAULT 0,  -- Initialization vector
        keyLength  INTEGER                  -- Key length, in bits
    }

    Note: The iv is optional and defaults to all-zero. On the encoding
          end, if an all-zero iv is used, then it should absent from
          the Parameters. On the decoding end, an absent iv should be
          interpreted as meaning all-zeros.

    This is encryption and decryption in CBC mode using the CAST-128
    symmetric block cipher algorithm.


cast5MAC OBJECT IDENTIFIER ::= { algorithms cast5MAC(11) }

    Parameters ::= SEQUENCE {
        macLength  INTEGER,       -- MAC length, in bits
        keyLength  INTEGER        -- Key length, in bits
    }

    This is message authentication using the CAST-128 symmetric block
    cipher algorithm.


pbeWithMD5AndCast5CBC OBJECT IDENTIFIER ::=
    { algorithms pbeWithMD5AndCAST5-CBC(12) }

    Parameters ::= SEQUENCE {
        salt            OCTET STRING,
        iterationCount  INTEGER,      -- Total number of hash iterations
        keyLength       INTEGER       -- Key length, in bits
    }

    Note: The IV is derived from the hashing procedure and therefore
          need not be included in Parameters.

    This is password-based encryption and decryption in CBC mode
    using MD5 and the CAST-128 symmetric block cipher .   See PKCS #5
    (which uses the DES cipher) for details of the PBE computation.









Adams                        Informational                      [Page 7]

RFC 2144             CAST-128 Encryption Algorithms             May 1997


2.7. Discussion

   CAST-128 is a 12- or 16-round Feistel cipher that has a blocksize of
   64 bits and a keysize of up to 128 bits; it uses rotation to provide
   intrinsic immunity to linear and differential attacks; it uses a
   mixture of XOR, addition and subtraction (modulo 2**32) in the round
   function; and it uses three variations of the round function itself
   throughout the cipher.  Finally, the 8x32 s-boxes used in the round
   function each have a minimum nonlinearity of 74 and a maximum entry
   of 2 in the difference distribution table.

   This cipher appears to have cryptographic strength in accordance with
   its keysize (128 bits) and has very good encryption / decryption
   performance:  3.3 MBytes/sec on a 150 MHz Pentium processor.

3. Intellectual Property Considerations

   The CAST-128 cipher described in this document is available worldwide
   on a royalty-free basis for commercial and non-commercial uses.

4. Security Considerations

   This entire memo is about security since it describes an algorithm
   which is specifically intended for cryptographic purposes.

5. References

   [Adams] Adams, C., "Constructing Symmetric Ciphers using the CAST
   Design Procedure", Designs, Codes, and Cryptography (to appear).

   [Web1] "Constructing Symmetric Ciphers using the CAST Design
   Procedure" (identical to [Adams] but available on-line) and "CAST
   Design Procedure Addendum", http://www.entrust.com/library.htm.

   [Web2] "CAST Encryption Algorithm Related Publications",
   http://adonis.ee.queensu.ca:8000/cast/cast.html.

6. Author's Address

   Carlisle Adams
   Entrust Technologies
   750 Heron Road,
   Ottawa, Canada, K1V 1A7

   E-mail: cadams@entrust.com
   Phone:  +1.613.763.9008





Adams                        Informational                      [Page 8]

RFC 2144             CAST-128 Encryption Algorithms             May 1997


Appendix A. S-Boxes

S-Box S1
30fb40d4 9fa0ff0b 6beccd2f 3f258c7a 1e213f2f 9c004dd3 6003e540 cf9fc949
bfd4af27 88bbbdb5 e2034090 98d09675 6e63a0e0 15c361d2 c2e7661d 22d4ff8e
28683b6f c07fd059 ff2379c8 775f50e2 43c340d3 df2f8656 887ca41a a2d2bd2d
a1c9e0d6 346c4819 61b76d87 22540f2f 2abe32e1 aa54166b 22568e3a a2d341d0
66db40c8 a784392f 004dff2f 2db9d2de 97943fac 4a97c1d8 527644b7 b5f437a7
b82cbaef d751d159 6ff7f0ed 5a097a1f 827b68d0 90ecf52e 22b0c054 bc8e5935
4b6d2f7f 50bb64a2 d2664910 bee5812d b7332290 e93b159f b48ee411 4bff345d
fd45c240 ad31973f c4f6d02e 55fc8165 d5b1caad a1ac2dae a2d4b76d c19b0c50
882240f2 0c6e4f38 a4e4bfd7 4f5ba272 564c1d2f c59c5319 b949e354 b04669fe
b1b6ab8a c71358dd 6385c545 110f935d 57538ad5 6a390493 e63d37e0 2a54f6b3
3a787d5f 6276a0b5 19a6fcdf 7a42206a 29f9d4d5 f61b1891 bb72275e aa508167
38901091 c6b505eb 84c7cb8c 2ad75a0f 874a1427 a2d1936b 2ad286af aa56d291
d7894360 425c750d 93b39e26 187184c9 6c00b32d 73e2bb14 a0bebc3c 54623779
64459eab 3f328b82 7718cf82 59a2cea6 04ee002e 89fe78e6 3fab0950 325ff6c2
81383f05 6963c5c8 76cb5ad6 d49974c9 ca180dcf 380782d5 c7fa5cf6 8ac31511
35e79e13 47da91d0 f40f9086 a7e2419e 31366241 051ef495 aa573b04 4a805d8d
548300d0 00322a3c bf64cddf ba57a68e 75c6372b 50afd341 a7c13275 915a0bf5
6b54bfab 2b0b1426 ab4cc9d7 449ccd82 f7fbf265 ab85c5f3 1b55db94 aad4e324
cfa4bd3f 2deaa3e2 9e204d02 c8bd25ac eadf55b3 d5bd9e98 e31231b2 2ad5ad6c
954329de adbe4528 d8710f69 aa51c90f aa786bf6 22513f1e aa51a79b 2ad344cc
7b5a41f0 d37cfbad 1b069505 41ece491 b4c332e6 032268d4 c9600acc ce387e6d
bf6bb16c 6a70fb78 0d03d9c9 d4df39de e01063da 4736f464 5ad328d8 b347cc96
75bb0fc3 98511bfb 4ffbcc35 b58bcf6a e11f0abc bfc5fe4a a70aec10 ac39570a
3f04442f 6188b153 e0397a2e 5727cb79 9ceb418f 1cacd68d 2ad37c96 0175cb9d
c69dff09 c75b65f0 d9db40d8 ec0e7779 4744ead4 b11c3274 dd24cb9e 7e1c54bd
f01144f9 d2240eb1 9675b3fd a3ac3755 d47c27af 51c85f4d 56907596 a5bb15e6
580304f0 ca042cf1 011a37ea 8dbfaadb 35ba3e4a 3526ffa0 c37b4d09 bc306ed9
98a52666 5648f725 ff5e569d 0ced63d0 7c63b2cf 700b45e1 d5ea50f1 85a92872
af1fbda7 d4234870 a7870bf3 2d3b4d79 42e04198 0cd0ede7 26470db8 f881814c
474d6ad7 7c0c5e5c d1231959 381b7298 f5d2f4db ab838653 6e2f1e23 83719c9e
bd91e046 9a56456e dc39200c 20c8c571 962bda1c e1e696ff b141ab08 7cca89b9
1a69e783 02cc4843 a2f7c579 429ef47d 427b169c 5ac9f049 dd8f0f00 5c8165bf

S-Box S2
1f201094 ef0ba75b 69e3cf7e 393f4380 fe61cf7a eec5207a 55889c94 72fc0651
ada7ef79 4e1d7235 d55a63ce de0436ba 99c430ef 5f0c0794 18dcdb7d a1d6eff3
a0b52f7b 59e83605 ee15b094 e9ffd909 dc440086 ef944459 ba83ccb3 e0c3cdfb
d1da4181 3b092ab1 f997f1c1 a5e6cf7b 01420ddb e4e7ef5b 25a1ff41 e180f806
1fc41080 179bee7a d37ac6a9 fe5830a4 98de8b7f 77e83f4e 79929269 24fa9f7b
e113c85b acc40083 d7503525 f7ea615f 62143154 0d554b63 5d681121 c866c359
3d63cf73 cee234c0 d4d87e87 5c672b21 071f6181 39f7627f 361e3084 e4eb573b
602f64a4 d63acd9c 1bbc4635 9e81032d 2701f50c 99847ab4 a0e3df79 ba6cf38c
10843094 2537a95e f46f6ffe a1ff3b1f 208cfb6a 8f458c74 d9e0a227 4ec73a34
fc884f69 3e4de8df ef0e0088 3559648d 8a45388c 1d804366 721d9bfd a58684bb
e8256333 844e8212 128d8098 fed33fb4 ce280ae1 27e19ba5 d5a6c252 e49754bd



Adams                        Informational                      [Page 9]

RFC 2144             CAST-128 Encryption Algorithms             May 1997


c5d655dd eb667064 77840b4d a1b6a801 84db26a9 e0b56714 21f043b7 e5d05860
54f03084 066ff472 a31aa153 dadc4755 b5625dbf 68561be6 83ca6b94 2d6ed23b
eccf01db a6d3d0ba b6803d5c af77a709 33b4a34c 397bc8d6 5ee22b95 5f0e5304
81ed6f61 20e74364 b45e1378 de18639b 881ca122 b96726d1 8049a7e8 22b7da7b
5e552d25 5272d237 79d2951c c60d894c 488cb402 1ba4fe5b a4b09f6b 1ca815cf
a20c3005 8871df63 b9de2fcb 0cc6c9e9 0beeff53 e3214517 b4542835 9f63293c
ee41e729 6e1d2d7c 50045286 1e6685f3 f33401c6 30a22c95 31a70850 60930f13
73f98417 a1269859 ec645c44 52c877a9 cdff33a6 a02b1741 7cbad9a2 2180036f
50d99c08 cb3f4861 c26bd765 64a3f6ab 80342676 25a75e7b e4e6d1fc 20c710e6
cdf0b680 17844d3b 31eef84d 7e0824e4 2ccb49eb 846a3bae 8ff77888 ee5d60f6
7af75673 2fdd5cdb a11631c1 30f66f43 b3faec54 157fd7fa ef8579cc d152de58
db2ffd5e 8f32ce19 306af97a 02f03ef8 99319ad5 c242fa0f a7e3ebb0 c68e4906
b8da230c 80823028 dcdef3c8 d35fb171 088a1bc8 bec0c560 61a3c9e8 bca8f54d
c72feffa 22822e99 82c570b4 d8d94e89 8b1c34bc 301e16e6 273be979 b0ffeaa6
61d9b8c6 00b24869 b7ffce3f 08dc283b 43daf65a f7e19798 7619b72f 8f1c9ba4
dc8637a0 16a7d3b1 9fc393b7 a7136eeb c6bcc63e 1a513742 ef6828bc 520365d6
2d6a77ab 3527ed4b 821fd216 095c6e2e db92f2fb 5eea29cb 145892f5 91584f7f
5483697b 2667a8cc 85196048 8c4bacea 833860d4 0d23e0f9 6c387e8a 0ae6d249
b284600c d835731d dcb1c647 ac4c56ea 3ebd81b3 230eabb0 6438bc87 f0b5b1fa
8f5ea2b3 fc184642 0a036b7a 4fb089bd 649da589 a345415e 5c038323 3e5d3bb9
43d79572 7e6dd07c 06dfdf1e 6c6cc4ef 7160a539 73bfbe70 83877605 4523ecf1

S-Box S3
8defc240 25fa5d9f eb903dbf e810c907 47607fff 369fe44b 8c1fc644 aececa90
beb1f9bf eefbcaea e8cf1950 51df07ae 920e8806 f0ad0548 e13c8d83 927010d5
11107d9f 07647db9 b2e3e4d4 3d4f285e b9afa820 fade82e0 a067268b 8272792e
553fb2c0 489ae22b d4ef9794 125e3fbc 21fffcee 825b1bfd 9255c5ed 1257a240
4e1a8302 bae07fff 528246e7 8e57140e 3373f7bf 8c9f8188 a6fc4ee8 c982b5a5
a8c01db7 579fc264 67094f31 f2bd3f5f 40fff7c1 1fb78dfc 8e6bd2c1 437be59b
99b03dbf b5dbc64b 638dc0e6 55819d99 a197c81c 4a012d6e c5884a28 ccc36f71
b843c213 6c0743f1 8309893c 0feddd5f 2f7fe850 d7c07f7e 02507fbf 5afb9a04
a747d2d0 1651192e af70bf3e 58c31380 5f98302e 727cc3c4 0a0fb402 0f7fef82
8c96fdad 5d2c2aae 8ee99a49 50da88b8 8427f4a0 1eac5790 796fb449 8252dc15
efbd7d9b a672597d ada840d8 45f54504 fa5d7403 e83ec305 4f91751a 925669c2
23efe941 a903f12e 60270df2 0276e4b6 94fd6574 927985b2 8276dbcb 02778176
f8af918d 4e48f79e 8f616ddf e29d840e 842f7d83 340ce5c8 96bbb682 93b4b148
ef303cab 984faf28 779faf9b 92dc560d 224d1e20 8437aa88 7d29dc96 2756d3dc
8b907cee b51fd240 e7c07ce3 e566b4a1 c3e9615e 3cf8209d 6094d1e3 cd9ca341
5c76460e 00ea983b d4d67881 fd47572c f76cedd9 bda8229c 127dadaa 438a074e
1f97c090 081bdb8a 93a07ebe b938ca15 97b03cff 3dc2c0f8 8d1ab2ec 64380e51
68cc7bfb d90f2788 12490181 5de5ffd4 dd7ef86a 76a2e214 b9a40368 925d958f
4b39fffa ba39aee9 a4ffd30b faf7933b 6d498623 193cbcfa 27627545 825cf47a
61bd8ba0 d11e42d1 cead04f4 127ea392 10428db7 8272a972 9270c4a8 127de50b
285ba1c8 3c62f44f 35c0eaa5 e805d231 428929fb b4fcdf82 4fb66a53 0e7dc15b
1f081fab 108618ae fcfd086d f9ff2889 694bcc11 236a5cae 12deca4d 2c3f8cc5
d2d02dfe f8ef5896 e4cf52da 95155b67 494a488c b9b6a80c 5c8f82bc 89d36b45
3a609437 ec00c9a9 44715253 0a874b49 d773bc40 7c34671c 02717ef6 4feb5536
a2d02fff d2bf60c4 d43f03c0 50b4ef6d 07478cd1 006e1888 a2e53f55 b9e6d4bc



Adams                        Informational                     [Page 10]

RFC 2144             CAST-128 Encryption Algorithms             May 1997