From 2f83777e9b1949793f20e8f9b439e34296a6bae4 Mon Sep 17 00:00:00 2001 From: Jeffrey Walton Date: Wed, 25 Jul 2018 16:25:41 -0400 Subject: [PATCH] Backout ChaCha changes to Crypto++ 7.0 These changes made it in by accident at Commit b74a6f444568. We were going to try to let them ride but they broke versioning. They may be added later but we should avoid the change at this time. --- TestVectors/chacha.txt | 6 +++--- bench1.cpp | 6 +++--- chacha.cpp | 36 +++++++++++++++++++++--------------- chacha.h | 34 +++++++++++++++++++++++++++------- regtest2.cpp | 4 +++- 5 files changed, 57 insertions(+), 29 deletions(-) diff --git a/TestVectors/chacha.txt b/TestVectors/chacha.txt index 58f6a36c..b38901ea 100644 --- a/TestVectors/chacha.txt +++ b/TestVectors/chacha.txt @@ -1,5 +1,5 @@ AlgorithmType: SymmetricCipher -Name: ChaCha +Name: ChaCha8 Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors Comment: TC1 - All zero key and IV (16-byte key). Key: r16 00 @@ -40,7 +40,7 @@ Ciphertext: 2b8f4bb3798306ca5130d47c4f8d4ed13aa0edccc1be6942090faeeca0d7599b7ff0 Test: Encrypt AlgorithmType: SymmetricCipher -Name: ChaCha +Name: ChaCha12 Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors Comment: TC1 - All zero key and IV (16-byte key). Key: r16 00 @@ -81,7 +81,7 @@ Ciphertext: 64b8bdf87b828c4b6dbaf7ef698de03df8b33f635714418f9836ade59be1296946c9 Test: Encrypt AlgorithmType: SymmetricCipher -Name: ChaCha +Name: ChaCha20 Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors Comment: TC1 - All zero key and IV (16-byte key). Key: r16 00 diff --git a/bench1.cpp b/bench1.cpp index 9c36452b..700a071d 100644 --- a/bench1.cpp +++ b/bench1.cpp 
@@ -567,9 +567,9 @@ void Benchmark2(double t, double hertz) BenchMarkByName("Salsa20"); BenchMarkByName("Salsa20", 0, "Salsa20/12", MakeParameters(Name::Rounds(), 12)); BenchMarkByName("Salsa20", 0, "Salsa20/8", MakeParameters(Name::Rounds(), 8)); - BenchMarkByName("ChaCha"); - BenchMarkByName("ChaCha", 0, "ChaCha/12", MakeParameters(Name::Rounds(), 12)); - BenchMarkByName("ChaCha", 0, "ChaCha/8", MakeParameters(Name::Rounds(), 8)); + BenchMarkByName("ChaCha8"); + BenchMarkByName("ChaCha12"); + BenchMarkByName("ChaCha20"); BenchMarkByName("Sosemanuk"); BenchMarkByName("Rabbit"); BenchMarkByName("RabbitWithIV"); diff --git a/chacha.cpp b/chacha.cpp index e65989c4..16f73f88 100644 --- a/chacha.cpp +++ b/chacha.cpp @@ -20,20 +20,18 @@ NAMESPACE_BEGIN(CryptoPP) #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void ChaCha_TestInstantiations() { - ChaCha::Encryption x; + ChaCha8::Encryption x1; + ChaCha12::Encryption x2; + ChaCha20::Encryption x3; } #endif -void ChaCha_Policy::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) +template +void ChaCha_Policy::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) { CRYPTOPP_UNUSED(params); CRYPTOPP_ASSERT(length == 16 || length == 32); - m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20); - - if (!(m_rounds == 8 || m_rounds == 12 || m_rounds == 20)) - throw InvalidRounds(ChaCha::StaticAlgorithmName(), m_rounds); - // "expand 16-byte k" or "expand 32-byte k" m_state[0] = 0x61707865; m_state[1] = (length == 16) ? 0x3120646e : 0x3320646e; 
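Review bot: With the runtime round selection removed, `CipherSetKey` in chacha.cpp now marks `params` as unused, so a `Name::Rounds()` value supplied by a caller is silently ignored instead of being honoured or rejected. The security margin of this cipher depends on the round count, and a caller who passes Rounds=20 to `ChaCha8` would get 8 rounds with no error. I would keep a check that rejects a mismatch, e.g. `const int rounds = params.GetIntValueWithDefault(Name::Rounds(), ROUNDS);` followed by `if (rounds != ROUNDS) throw InvalidRounds(ChaCha_Info<R>::StaticAlgorithmName(), rounds);`, and drop the `CRYPTOPP_UNUSED(params);` line. The body of `CipherSetKey` continues past the end of this hunk.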
@@ -47,7 +45,8 @@ void ChaCha_Policy::CipherSetKey(const NameValuePairs ¶ms, const byte *key, get2(m_state[8])(m_state[9])(m_state[10])(m_state[11]); } -void ChaCha_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length) +template +void ChaCha_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length) { CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length); CRYPTOPP_ASSERT(length==8); @@ -57,10 +56,11 @@ void ChaCha_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, s get(m_state[14])(m_state[15]); } -void ChaCha_Policy::SeekToIteration(lword iterationCount) +template +void ChaCha_Policy::SeekToIteration(lword iterationCount) { CRYPTOPP_UNUSED(iterationCount); - throw NotImplemented(std::string(ChaCha_Info::StaticAlgorithmName()) + ": SeekToIteration is not yet implemented"); + throw NotImplemented(std::string(ChaCha_Info::StaticAlgorithmName()) + ": SeekToIteration is not yet implemented"); // TODO: these were Salsa20, and Wei re-arranged the state array for SSE2 operations. // If we can generate some out-of-band test vectors, then test and implement. Also @@ -69,7 +69,8 @@ void ChaCha_Policy::SeekToIteration(lword iterationCount) // m_state[5] = (word32)SafeRightShift<32>(iterationCount); } -unsigned int ChaCha_Policy::GetAlignment() const +template +unsigned int ChaCha_Policy::GetAlignment() const { #if CRYPTOPP_SSE2_ASM_AVAILABLE && 0 if (HasSSE2()) @@ -79,7 +80,8 @@ unsigned int ChaCha_Policy::GetAlignment() const return GetAlignmentOf(); } -unsigned int ChaCha_Policy::GetOptimalBlockSize() const +template +unsigned int ChaCha_Policy::GetOptimalBlockSize() const { #if CRYPTOPP_SSE2_ASM_AVAILABLE && 0 if (HasSSE2()) 
@@ -89,7 +91,8 @@ unsigned int ChaCha_Policy::GetOptimalBlockSize() const return BYTES_PER_ITERATION; } -void ChaCha_Policy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) +template +void ChaCha_Policy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) { word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; @@ -100,7 +103,7 @@ void ChaCha_Policy::OperateKeystream(KeystreamOperation operation, byte *output, x8 = m_state[8]; x9 = m_state[9]; x10 = m_state[10]; x11 = m_state[11]; x12 = m_state[12]; x13 = m_state[13]; x14 = m_state[14]; x15 = m_state[15]; - for (int i = static_cast(m_rounds); i > 0; i -= 2) + for (int i = static_cast(ROUNDS); i > 0; i -= 2) { CHACHA_QUARTER_ROUND(x0, x4, x8, x12); CHACHA_QUARTER_ROUND(x1, x5, x9, x13); @@ -141,5 +144,8 @@ void ChaCha_Policy::OperateKeystream(KeystreamOperation operation, byte *output, } } -NAMESPACE_END +template class ChaCha_Policy<8>; +template class ChaCha_Policy<12>; +template class ChaCha_Policy<20>; +NAMESPACE_END diff --git a/chacha.h b/chacha.h index b9497cbf..bdbe925b 100644 --- a/chacha.h +++ b/chacha.h 
@@ -20,19 +20,21 @@ NAMESPACE_BEGIN(CryptoPP) /// \brief ChaCha stream cipher information /// \since Crypto++ 5.6.4 -struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8> +template +struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>, public FixedRounds { CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { - return "ChaCha"; + return (R==8?"ChaCha8":(R==12?"ChaCha12":(R==20?"ChaCha20":"ChaCha"))); } }; /// \brief ChaCha stream cipher implementation /// \since Crypto++ 5.6.4 +template class CRYPTOPP_NO_VTABLE ChaCha_Policy : public AdditiveCipherConcretePolicy { protected: - + CRYPTOPP_CONSTANT(ROUNDS=FixedRounds::ROUNDS) void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); 
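Review bot: `StaticAlgorithmName()` in `ChaCha_Info` falls back to the generic name "ChaCha" for any R other than 8, 12 or 20, although chacha.cpp explicitly instantiates `ChaCha_Policy` only for those three values. An unsupported round count would therefore get a plausible-looking algorithm name from the header and fail only at link time, if at all. A compile-time check inside the struct, such as `CRYPTOPP_COMPILE_ASSERT(R == 8 || R == 12 || R == 20);`, would reject it where it is written. The `ChaCha_Policy` class body continues outside the hunk.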
@@ -45,15 +47,33 @@ protected: int m_rounds; }; -/// \brief ChaCha stream cipher +/// \brief ChaCha8 stream cipher /// \sa ChaCha, a variant of Salsa20 (2008.01.28). -/// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working group's implementation for +/// \since Crypto++ 5.6.4 +struct ChaCha8 : public ChaCha_Info<8>, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, ChaCha_Info<8> > Encryption; + typedef Encryption Decryption; +}; + +/// \brief ChaCha12 stream cipher +/// \sa ChaCha, a variant of Salsa20 (2008.01.28). +/// \since Crypto++ 5.6.4 +struct ChaCha12 : public ChaCha_Info<12>, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, ChaCha_Info<12> > Encryption; + typedef Encryption Decryption; +}; + +/// \brief ChaCha20 stream cipher +/// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working roup's implementation for /// cipher suites TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /// TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256. +/// \sa ChaCha, a variant of Salsa20 (2008.01.28). /// \since Crypto++ 5.6.4 -struct ChaCha : public ChaCha_Info, public SymmetricCipherDocumentation +struct ChaCha20 : public ChaCha_Info<20>, public SymmetricCipherDocumentation { - typedef SymmetricCipherFinal >, ChaCha_Info> Encryption; + typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, ChaCha_Info<20> > Encryption; typedef Encryption Decryption; }; diff --git a/regtest2.cpp b/regtest2.cpp index 70c6e653..7e0e3571 100644 --- a/regtest2.cpp +++ b/regtest2.cpp 
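Review bot: `int m_rounds;` stays in `ChaCha_Policy` as a context line at the top of this hunk, but after this change nothing visible assigns or reads it. The assignment in `CipherSetKey` is removed and the loop in `OperateKeystream` now uses `ROUNDS`. If the aim is to restore the 7.0 class layout, the member should probably be removed as well; otherwise it remains an uninitialized field in the cipher state object. The added `\details` line for `ChaCha20` also reads "TLS working roup's" where the removed line had "TLS working group's". The class body starts outside the hunk.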
@@ -118,7 +118,9 @@ void RegisterFactories2()
 RegisterSymmetricCipherDefaultFactories >();
 RegisterSymmetricCipherDefaultFactories();
 RegisterSymmetricCipherDefaultFactories();
- RegisterSymmetricCipherDefaultFactories();
+ RegisterSymmetricCipherDefaultFactories();
+ RegisterSymmetricCipherDefaultFactories();
+ RegisterSymmetricCipherDefaultFactories();
 RegisterSymmetricCipherDefaultFactories();
 RegisterSymmetricCipherDefaultFactories();
 RegisterSymmetricCipherDefaultFactories();