// kalyna.h - written and placed in the public domain by Jeffrey Walton // Based on public domain code by Keru Kuro. //! \file kalyna.h //! \brief Classes for the Kalyna block cipher //! \details The Crypto++ implementation relied upon three sources. First was Oliynykov, Gorbenko, Kazymyrov, //! Ruzhentsev, Kuznetsov, Gorbenko, Dyrda, Dolgov, Pushkaryov, Mordvinov and Kaidalov's "A New Encryption //! Standard of Ukraine: The Kalyna Block Cipher" (http://eprint.iacr.org/2015/650.pdf). Second was Roman //! Oliynykov and Oleksandr Kazymyrov's GitHub with the reference implementation //! (http://github.com/Roman-Oliynykov/Kalyna-reference). The third resource was Keru Kuro's implementation //! of Kalyna in CppCrypto (http://sourceforge.net/projects/cppcrypto/). Kuro has an outstanding //! implementation that performed better than the reference implementation and our initial attempts. #ifndef CRYPTOPP_KALYNA_H #define CRYPTOPP_KALYNA_H #include "config.h" #include "seckey.h" #include "secblock.h" NAMESPACE_BEGIN(CryptoPP) //! \class Kalyna_Info //! \brief Kalyna block cipher information //! \details Kalyna key sizes and block sizes do not fit well into the library. Rather //! than using VariableKeyLength (which is wrong) or using a GeometricKeyLength //! (a new class), we just unroll it here. Note that the step size, Q, is still //! wrong for this implementation. //! \since Crypto++ 6.0 struct Kalyna_Info : public VariableBlockSize<16, 16, 64> { CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "Kalyna";} //! \brief The minimum key length used by the algorithm provided as a constant //! \details MIN_KEYLENGTH is provided in bytes, not bits CRYPTOPP_CONSTANT(MIN_KEYLENGTH=16) //! \brief The maximum key length used by the algorithm provided as a constant //! \details MIN_KEYLENGTH is provided in bytes, not bits CRYPTOPP_CONSTANT(MAX_KEYLENGTH=64) //! \brief The default key length used by the algorithm provided as a constant //! \details MIN_KEYLENGTH is provided in bytes, not bits CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=16) //! \brief The default IV requirements for the algorithm provided as a constant //! \details The default value is NOT_RESYNCHRONIZABLE. See IV_Requirement //! in cryptlib.h for allowed values. CRYPTOPP_CONSTANT(IV_REQUIREMENT=SimpleKeyingInterface::UNIQUE_IV) //! \brief The default initialization vector length for the algorithm provided as a constant //! \details IV_LENGTH is provided in bytes, not bits. Kalyna has two different block sizes for //! each key length. This function returns the default block size for the defult key length. CRYPTOPP_CONSTANT(IV_LENGTH=16) //! \brief Provides a valid key length for the algorithm provided by a static function. //! \param keylength the size of the key, in bytes //! \details The key length depends on the block size. For each block size, 128, 256 and 512, //! the key length can be either the block size or twice the block size. That means the //! valid key lengths are 126, 256, 512 and 1024. Additionally, it means a key length of, //! say, 32 could be used with either 128-block size or 256-block size. CRYPTOPP_STATIC_CONSTEXPR size_t CRYPTOPP_API StaticGetValidKeyLength(size_t keylength) { return (keylength >= 64) ? 64 : (keylength >= 32) ? 32 : 16; } //! \brief Validates the blocksize for Kalyna. //! \param blocksize the candidate blocksize //! \param alg an Algorithm object used if the blocksize is invalid //! \throws InvalidBlockSize if the blocksize is invalid //! \details ThrowIfInvalidBlockSize() validates the blocksize and throws if invalid. inline void ThrowIfInvalidBlockSize(int blocksize, const Algorithm *alg) { if ( blocksize != 16 && blocksize != 32 && blocksize != 64) throw InvalidBlockSize(alg ? alg->AlgorithmName() : std::string("VariableBlockSize"), blocksize); } //! \brief Validates the blocksize for Kalyna. //! \param keylength the key length of the cipher //! \param blocksize the candidate blocksize //! \param alg an Algorithm object used if the blocksize is invalid //! \throws InvalidBlockSize if the blocksize is invalid //! \details ThrowIfInvalidBlockSize() validates the blocksize under a key and throws if invalid. inline void ThrowIfInvalidBlockSize(int keylength, int blocksize, const Algorithm *alg) { if ( ((keylength == 16) && (blocksize != 16)) || ((keylength == 32) && (blocksize != 32 && blocksize != 64)) || ((keylength == 64) && (blocksize != 32 && blocksize != 64)) ) { throw InvalidBlockSize(alg ? alg->AlgorithmName() : std::string("VariableBlockSize"), blocksize); } } }; //! \class Kalyna //! \brief Kalyna block cipher //! \since Crypto++ 6.0 class Kalyna : public Kalyna_Info, public BlockCipherDocumentation { public: class CRYPTOPP_NO_VTABLE Base : public VariableBlockCipherImpl { public: //! \brief Provides the name of this algorithm //! \return the standard algorithm name //! \details If the object is unkeyed, then the generic name "Kalyna" is returned //! to the caller. If the algorithm is keyed, then a two or three part name is //! returned to the caller. The name follows DSTU 7624:2014, where block size is //! provided first and then key length. The library uses a dash to identify block size //! and parenthesis to identify key length. For example, Kalyna-128(256) is Kalyna //! with a 128-bit block size and a 256-bit key length. If a mode is associated //! with the object, then it follows as expected. For example, Kalyna-128(256)/ECB. //! DSTU is a little more complex with more parameters, dashes, underscores, but the //! library does not use the delimiters or full convention. std::string AlgorithmName() const { return m_blocksize ? "Kalyna-" + IntToString(m_blocksize*8) + "(" + IntToString(m_kl*8) + ")" : StaticAlgorithmName(); } unsigned int OptimalDataAlignment() const { return GetAlignmentOf(); } protected: void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs ¶ms); void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; protected: // Visual Studio and C2910: 'Kalyna::Base::SetKey_Template': cannot be explicitly specialized //template // void SetKey_Template(const word64 key[NK]); void SetKey_22(const word64 key[2]); void SetKey_24(const word64 key[4]); void SetKey_44(const word64 key[4]); void SetKey_48(const word64 key[8]); void SetKey_88(const word64 key[8]); // Visual Studio and C2910: 'Kalyna::Base::ProcessBlock_Template': cannot be explicitly specialized //template // void ProcessBlock_Template(const word64 inBlock[NB], const word64 outBlock[NB]) const; void ProcessBlock_22(const word64 inBlock[2], const word64 xorBlock[2], word64 outBlock[2]) const; void ProcessBlock_24(const word64 inBlock[2], const word64 xorBlock[2] ,word64 outBlock[2]) const; void ProcessBlock_44(const word64 inBlock[4], const word64 xorBlock[4], word64 outBlock[4]) const; void ProcessBlock_48(const word64 inBlock[4], const word64 xorBlock[4], word64 outBlock[4]) const; void ProcessBlock_88(const word64 inBlock[8], const word64 xorBlock[8], word64 outBlock[8]) const; private: typedef SecBlock > AlignedSecBlock64; mutable AlignedSecBlock64 m_wspace; // work space AlignedSecBlock64 m_mkey; // master key AlignedSecBlock64 m_rkeys; // round keys unsigned int m_kl, m_nb, m_nk; // key length, number 64-bit blocks and keys }; typedef BlockCipherFinal Encryption; typedef BlockCipherFinal Decryption; }; typedef Kalyna::Encryption KalynaEncryption; typedef Kalyna::Decryption KalynaDecryption; NAMESPACE_END #endif // CRYPTOPP_KALYNA_H