rfc2612.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

       for (i=6; i<12; i++)
           BETA <- QBARi(BETA)

   128bits of ciphertext = BETA

   Round Key Re-Ordering for Decryption

      The cipher employs a 256-bit primary key K.  Decryption is
      identical to encryption except that the sets of quad-round keys
      Kr_(i), Km_(i) derived from K are used in reverse order as
      follows.

       for (i=0; i<12; i++)
       {
           KrNEW_(i) = Kr_(11-i)
           KmNEW_(i) = Km_(11-i)
       }

2.4 The CAST-256 Key Schedule

   Initialization:

       Cm = 2**30 * SQRT(2) = 5A827999 (base 16)
       Mm = 2**30 * SQRT(3) = 6ED9EBA1 (base 16)
       Cr = 19
       Mr = 17











Adams & Gilchrist            Informational                      [Page 7]

RFC 2612           The CAST-256 Encryption Algorithm           June 1999


       for (i=0; i<24; i++)
       {
           for (j=0; j<8; j++)
           {
               Tmj_(i) = Cm
               Cm = (Cm + Mm) mod 2**32
               Trj_(i) = Cr
               Cr = (Cr + Mr) mod 32
           }
       }

   Key Schedule:

       KAPPA = ABCDEFGH = 256 bit of primary key, K.

       for (i=0; i<12; i++)
       {
           KAPPA <- W2i(KAPPA)
           KAPPA <- W2i+1(KAPPA)
           Kr_(i) <- KAPPA
           Km_(i) <- KAPPA
       }

       Note:  (|K| = 128) => (E = F = G = H = 0)
              (|K| = 160) => (F = G = H = 0)
              (|K| = 192) => (G = H = 0)
              (|K| = 224) => (H = 0)

3. Cipher Naming

   In order to avoid confusion when variable keysize operation is used,
   the name CAST-256 is to be considered synonymous with the name CAST6;
   this allows a keysize to be appended without ambiguity.  Thus, for
   example, CAST-256 with a 192-bit key is to be referred to as CAST6-
   192; where a 256-bit key is explicitly intended, the name CAST6-256
   should be used.

4. Cipher Usage

   The CAST-256 cipher described in this document is available worldwide
   on a royalty-free and licence-free basis for commercial and non-
   commercial uses.

5. Security Considerations

   This entire memo is about security since it describes an algorithm
   which is specifically intended for cryptographic purposes.




Adams & Gilchrist            Informational                      [Page 8]

RFC 2612           The CAST-256 Encryption Algorithm           June 1999


6. References

   [1] Adams, C., "The CAST-128 Encryption Algorithm", RFC 2144, May
       1997.

7. Authors' Addresses

   Carlisle Adams
   Entrust Technologies
   750 Heron Road, Suite E08
   Ottawa, Ontario, Canada
   K1V 1A7

   Phone: 613-247-3180
   Fax:   613-247-3690
   EMail: carlisle.adams@entrust.com


   Jeff Gilchrist
   Entrust Technologies
   750 Heron Road, Suite E08
   Ottawa, Ontario, Canada
   K1V 1A7

   Phone: 613-248-3074
   Fax:   613-247-3450
   EMail: jeff.gilchrist@entrust.com
























Adams & Gilchrist            Informational                      [Page 9]

RFC 2612           The CAST-256 Encryption Algorithm           June 1999


Appendix A: Test Vectors

   Intermediate Values Known Answer Test. The data listed is:

    KEYSIZE=the current key length in bits
    KEY=the key in hexadecimal format
    PT=the plaintext to be encrypted
    R=the quad-round number (1 to 12)
    ROTK1,ROTK2,ROTK3,ROTK4=the rotation keys for the current quad-round
    MASK1,MASK2,MASK3,MASK4=the masking keys for the current quad-round
    OUT=the output of the quad-round
    CT=the ciphertext corresponding to the given plaintext.

   For each key size, an encryption and the corresponding decryption are
   shown.

   KEYSIZE=128
   KEY=2342bb9efa38542c0af75647f29f615d

   PT=00000000000000000000000000000000

   R=1
   ROTK1=1c          ROTK2=1d          ROTK3=18          ROTK4=06
   MASK1=f364d7f9    MASK2=233500c0    MASK3=83cee501    MASK4=01f857c6
   OUT=e2c604af966715811b377f12de19e459

   R=2
   ROTK1=1e          ROTK2=18          ROTK3=13          ROTK4=02
   MASK1=ae877786    MASK2=ef78852e    MASK3=0aa1c41f    MASK4=a28ec9c4
   OUT=5375c3be208f38eed0419d98f50dd9b3

   R=3
   ROTK1=02          ROTK2=1d          ROTK3=01          ROTK4=0b
   MASK1=a3eedefb    MASK2=ac426ecf    MASK3=2e8220ec    MASK4=cd92c34a
   OUT=732e4ec0f205e39afaf407c956d83728

   R=4
   ROTK1=0d          ROTK2=1d          ROTK3=04          ROTK4=12
   MASK1=3046827f    MASK2=568ab6b9    MASK3=b86e7c10    MASK4=ef290a58
   OUT=af23fd837033dc81a60be8a69865c543

   R=5
   ROTK1=01          ROTK2=14          ROTK3=0c          ROTK4=06
   MASK1=302e76c3    MASK2=cf429964    MASK3=e9ecad47    MASK4=8850a515
   OUT=8b5e011401e1124f731135fa780c59ef

   R=6
   ROTK1=17          ROTK2=1d          ROTK3=0e          ROTK4=09



Adams & Gilchrist            Informational                     [Page 10]

RFC 2612           The CAST-256 Encryption Algorithm           June 1999


   MASK1=bb903fdc    MASK2=a9915d2f    MASK3=0974e50a    MASK4=0c1708f1
   OUT=bdea3985cd08c7902096561b76f20944

   R=7
   ROTK1=03          ROTK2=13          ROTK3=07          ROTK4=0e
   MASK1=13330f06    MASK2=5e1906f5    MASK3=fb2bce75    MASK4=8331aed4
   OUT=438053fe465c299bcb35f273b10ea71a

   R=8
   ROTK1=07          ROTK2=02          ROTK3=14          ROTK4=14
   MASK1=a29189c1    MASK2=d1aeff98    MASK3=c9b55ba7    MASK4=c149f70c
   OUT=172c3a9a2791509d5939f58b703f2533

   R=9
   ROTK1=1c          ROTK2=08          ROTK3=1f          ROTK4=1f
   MASK1=5687e118    MASK2=bc4f5d80    MASK3=cca4c042    MASK4=bab3fb68
   OUT=79178d5f90187732f8007fd3884cc309

   R=10
   ROTK1=15          ROTK2=12          ROTK3=04          ROTK4=0f
   MASK1=cdb18671    MASK2=f06a3c64    MASK3=0c7031f9    MASK4=7dfbff4e
   OUT=e9e2b1f23e82479baec3b3b35fdf890f

   R=11
   ROTK1=1f          ROTK2=1a          ROTK3=01          ROTK4=0e
   MASK1=317654b5    MASK2=a1433222    MASK3=f6d8c69f    MASK4=304dfbeb
   OUT=1f3270101b2b38adc4818ca2aafc334a

   R=12
   ROTK1=0b          ROTK2=11          ROTK3=0f          ROTK4=18
   MASK1=9339b14f    MASK2=971d14bb    MASK3=f3b7ca97    MASK4=2b8a06f9
   OUT=c842a08972b43d20836c91d1b7530f6b

   CT=c842a08972b43d20836c91d1b7530f6b

   R=1
   ROTK1=0b          ROTK2=11          ROTK3=0f          ROTK4=18
   MASK1=9339b14f    MASK2=971d14bb    MASK3=f3b7ca97    MASK4=2b8a06f9
   OUT=1f3270101b2b38adc4818ca2aafc334a

   R=2
   ROTK1=1f          ROTK2=1a          ROTK3=01          ROTK4=0e
   MASK1=317654b5    MASK2=a1433222    MASK3=f6d8c69f    MASK4=304dfbeb
   OUT=e9e2b1f23e82479baec3b3b35fdf890f

   R=3
   ROTK1=15          ROTK2=12          ROTK3=04          ROTK4=0f
   MASK1=cdb18671    MASK2=f06a3c64    MASK3=0c7031f9    MASK4=7dfbff4e



Adams & Gilchrist            Informational                     [Page 11]

RFC 2612           The CAST-256 Encryption Algorithm           June 1999


   OUT=79178d5f90187732f8007fd3884cc309

   R=4
   ROTK1=1c          ROTK2=08          ROTK3=1f          ROTK4=1f
   MASK1=5687e118    MASK2=bc4f5d80    MASK3=cca4c042    MASK4=bab3fb68
   OUT=172c3a9a2791509d5939f58b703f2533

   R=5
   ROTK1=07          ROTK2=02          ROTK3=14          ROTK4=14
   MASK1=a29189c1    MASK2=d1aeff98    MASK3=c9b55ba7    MASK4=c149f70c
   OUT=438053fe465c299bcb35f273b10ea71a

   R=6
   ROTK1=03          ROTK2=13          ROTK3=07          ROTK4=0e
   MASK1=13330f06    MASK2=5e1906f5    MASK3=fb2bce75    MASK4=8331aed4
   OUT=bdea3985cd08c7902096561b76f20944

   R=7
   ROTK1=17          ROTK2=1d          ROTK3=0e          ROTK4=09
   MASK1=bb903fdc    MASK2=a9915d2f    MASK3=0974e50a    MASK4=0c1708f1
   OUT=8b5e011401e1124f731135fa780c59ef

   R=8
   ROTK1=01          ROTK2=14          ROTK3=0c          ROTK4=06
   MASK1=302e76c3    MASK2=cf429964    MASK3=e9ecad47    MASK4=8850a515
   OUT=af23fd837033dc81a60be8a69865c543

   R=9
   ROTK1=0d          ROTK2=1d          ROTK3=04          ROTK4=12
   MASK1=3046827f    MASK2=568ab6b9    MASK3=b86e7c10    MASK4=ef290a58
   OUT=732e4ec0f205e39afaf407c956d83728

   R=10
   ROTK1=02          ROTK2=1d          ROTK3=01          ROTK4=0b
   MASK1=a3eedefb    MASK2=ac426ecf    MASK3=2e8220ec    MASK4=cd92c34a
   OUT=5375c3be208f38eed0419d98f50dd9b3

   R=11
   ROTK1=1e          ROTK2=18          ROTK3=13          ROTK4=02
   MASK1=ae877786    MASK2=ef78852e    MASK3=0aa1c41f    MASK4=a28ec9c4
   OUT=e2c604af966715811b377f12de19e459

   R=12
   ROTK1=1c          ROTK2=1d          ROTK3=18          ROTK4=06
   MASK1=f364d7f9    MASK2=233500c0    MASK3=83cee501    MASK4=01f857c6
   OUT=00000000000000000000000000000000

   PT=00000000000000000000000000000000



Adams & Gilchrist            Informational                     [Page 12]

RFC 2612           The CAST-256 Encryption Algorithm           June 1999


   ==========


   KEYSIZE=192
   KEY=2342bb9efa38542cbed0ac83940ac298bac77a7717942863

   PT=00000000000000000000000000000000

   R=1
   ROTK1=1e          ROTK2=1a          ROTK3=1b          ROTK4=16
   MASK1=21daa501    MASK2=fcdfc612    MASK3=62f629b3    MASK4=9ec93bfa
   OUT=4d468c8ca43c1ab66eae0bb9062fe876

   R=2
   ROTK1=1a          ROTK2=1d          ROTK3=19          ROTK4=1f
   MASK1=d7f04aaf    MASK2=76a4b0c2    MASK3=7364327b    MASK4=fe0602c3
   OUT=1fd808cfd82ac7354728e719a4cc0ebe

   R=3
   ROTK1=13          ROTK2=19          ROTK3=15          ROTK4=18
   MASK1=c5b5a24e    MASK2=20577cc0    MASK3=e58b12aa    MASK4=a87da0f1
   OUT=d3507d51934db5335cebdbb550b774b6

   R=4
   ROTK1=0f          ROTK2=00          ROTK3=15          ROTK4=08
   MASK1=5b1b847c    MASK2=3d700297    MASK3=310383e1    MASK4=a1a19785
   OUT=fab3a20243c1c67bf1759f40c4b732e8

   R=5
   ROTK1=01          ROTK2=0f          ROTK3=0f          ROTK4=11
   MASK1=34422fa1    MASK2=745d0d3c    MASK3=0804535e    MASK4=42de73d8
   OUT=cf003a27ba91d2346ddfa8ec76bdf029

   R=6