Backout ChaCha changes to Crypto++ 7.0

These changes made it in by accident at Commit b74a6f4445. We were going to try to let them ride but they broke versioning. They may be added later but we should avoid the change at this time.

TestVectors/chacha.txt

@@ -1,5 +1,5 @@
 AlgorithmType: SymmetricCipher
-Name: ChaCha
+Name: ChaCha8
 Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors
 Comment: TC1 - All zero key and IV (16-byte key).
 Key: r16 00
@@ -40,7 +40,7 @@ Ciphertext: 2b8f4bb3798306ca5130d47c4f8d4ed13aa0edccc1be6942090faeeca0d7599b7ff0
 Test: Encrypt
 
 AlgorithmType: SymmetricCipher
-Name: ChaCha
+Name: ChaCha12
 Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors
 Comment: TC1 - All zero key and IV (16-byte key).
 Key: r16 00
@@ -81,7 +81,7 @@ Ciphertext: 64b8bdf87b828c4b6dbaf7ef698de03df8b33f635714418f9836ade59be1296946c9
 Test: Encrypt
 
 AlgorithmType: SymmetricCipher
-Name: ChaCha
+Name: ChaCha20
 Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors
 Comment: TC1 - All zero key and IV (16-byte key).
 Key: r16 00

bench1.cpp

@@ -567,9 +567,9 @@ void Benchmark2(double t, double hertz)
 		BenchMarkByName<SymmetricCipher>("Salsa20");
 		BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/12", MakeParameters(Name::Rounds(), 12));
 		BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/8", MakeParameters(Name::Rounds(), 8));
-		BenchMarkByName<SymmetricCipher>("ChaCha");
+		BenchMarkByName<SymmetricCipher>("ChaCha8");
-		BenchMarkByName<SymmetricCipher>("ChaCha", 0, "ChaCha/12", MakeParameters(Name::Rounds(), 12));
+		BenchMarkByName<SymmetricCipher>("ChaCha12");
-		BenchMarkByName<SymmetricCipher>("ChaCha", 0, "ChaCha/8", MakeParameters(Name::Rounds(), 8));
+		BenchMarkByName<SymmetricCipher>("ChaCha20");
 		BenchMarkByName<SymmetricCipher>("Sosemanuk");
 		BenchMarkByName<SymmetricCipher>("Rabbit");
 		BenchMarkByName<SymmetricCipher>("RabbitWithIV");

chacha.cpp

@@ -20,20 +20,18 @@ NAMESPACE_BEGIN(CryptoPP)
 #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 void ChaCha_TestInstantiations()
 {
-	ChaCha::Encryption x;
+	ChaCha8::Encryption x1;
+	ChaCha12::Encryption x2;
+	ChaCha20::Encryption x3;
 }
 #endif
 
-void ChaCha_Policy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
+template<unsigned int R>
+void ChaCha_Policy<R>::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
 {
 	CRYPTOPP_UNUSED(params);
 	CRYPTOPP_ASSERT(length == 16 || length == 32);
 
-	m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20);
-
-	if (!(m_rounds == 8 || m_rounds == 12 || m_rounds == 20))
-		throw InvalidRounds(ChaCha::StaticAlgorithmName(), m_rounds);
-
 	// "expand 16-byte k" or "expand 32-byte k"
 	m_state[0] = 0x61707865;
 	m_state[1] = (length == 16) ? 0x3120646e : 0x3320646e;
@@ -47,7 +45,8 @@ void ChaCha_Policy::CipherSetKey(const NameValuePairs &params, const byte *key,
 	get2(m_state[8])(m_state[9])(m_state[10])(m_state[11]);
 }
 
-void ChaCha_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)
+template<unsigned int R>
+void ChaCha_Policy<R>::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)
 {
 	CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
 	CRYPTOPP_ASSERT(length==8);
@@ -57,10 +56,11 @@ void ChaCha_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, s
 	get(m_state[14])(m_state[15]);
 }
 
-void ChaCha_Policy::SeekToIteration(lword iterationCount)
+template<unsigned int R>
+void ChaCha_Policy<R>::SeekToIteration(lword iterationCount)
 {
 	CRYPTOPP_UNUSED(iterationCount);
-	throw NotImplemented(std::string(ChaCha_Info::StaticAlgorithmName()) + ":  SeekToIteration is not yet implemented");
+	throw NotImplemented(std::string(ChaCha_Info<R>::StaticAlgorithmName()) + ":  SeekToIteration is not yet implemented");
 
 	// TODO: these were Salsa20, and Wei re-arranged the state array for SSE2 operations.
 	// If we can generate some out-of-band test vectors, then test and implement. Also
@@ -69,7 +69,8 @@ void ChaCha_Policy::SeekToIteration(lword iterationCount)
 	// m_state[5] = (word32)SafeRightShift<32>(iterationCount);
 }
 
-unsigned int ChaCha_Policy::GetAlignment() const
+template<unsigned int R>
+unsigned int ChaCha_Policy<R>::GetAlignment() const
 {
 #if CRYPTOPP_SSE2_ASM_AVAILABLE && 0
 	if (HasSSE2())
@@ -79,7 +80,8 @@ unsigned int ChaCha_Policy::GetAlignment() const
 		return GetAlignmentOf<word32>();
 }
 
-unsigned int ChaCha_Policy::GetOptimalBlockSize() const
+template<unsigned int R>
+unsigned int ChaCha_Policy<R>::GetOptimalBlockSize() const
 {
 #if CRYPTOPP_SSE2_ASM_AVAILABLE && 0
 	if (HasSSE2())
@@ -89,7 +91,8 @@ unsigned int ChaCha_Policy::GetOptimalBlockSize() const
 		return BYTES_PER_ITERATION;
 }
 
-void ChaCha_Policy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
+template<unsigned int R>
+void ChaCha_Policy<R>::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
 {
 	word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
 
@@ -100,7 +103,7 @@ void ChaCha_Policy::OperateKeystream(KeystreamOperation operation, byte *output,
 		x8 = m_state[8];	x9 = m_state[9];	x10 = m_state[10];	x11 = m_state[11];
 		x12 = m_state[12];	x13 = m_state[13];	x14 = m_state[14];	x15 = m_state[15];
 
-		for (int i = static_cast<int>(m_rounds); i > 0; i -= 2)
+		for (int i = static_cast<int>(ROUNDS); i > 0; i -= 2)
 		{
 			CHACHA_QUARTER_ROUND(x0, x4,  x8, x12);
 			CHACHA_QUARTER_ROUND(x1, x5,  x9, x13);
@@ -141,5 +144,8 @@ void ChaCha_Policy::OperateKeystream(KeystreamOperation operation, byte *output,
 	}
 }
 
-NAMESPACE_END
+template class ChaCha_Policy<8>;
+template class ChaCha_Policy<12>;
+template class ChaCha_Policy<20>;
 
+NAMESPACE_END

chacha.h

@@ -20,19 +20,21 @@ NAMESPACE_BEGIN(CryptoPP)
 
 /// \brief ChaCha stream cipher information
 /// \since Crypto++ 5.6.4
-struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>
+template <unsigned int R>
+struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>, public FixedRounds<R>
 {
 	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {
-		return "ChaCha";
+		return (R==8?"ChaCha8":(R==12?"ChaCha12":(R==20?"ChaCha20":"ChaCha")));
 	}
 };
 
 /// \brief ChaCha stream cipher implementation
 /// \since Crypto++ 5.6.4
+template <unsigned int R>
 class CRYPTOPP_NO_VTABLE ChaCha_Policy : public AdditiveCipherConcretePolicy<word32, 16>
 {
 protected:
-
+	CRYPTOPP_CONSTANT(ROUNDS=FixedRounds<R>::ROUNDS)
 	void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
 	void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
 	void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
@@ -45,15 +47,33 @@ protected:
 	int m_rounds;
 };
 
-/// \brief ChaCha stream cipher
+/// \brief ChaCha8 stream cipher
 /// \sa <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28).
-/// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working group's implementation for
+/// \since Crypto++ 5.6.4
+struct ChaCha8 : public ChaCha_Info<8>, public SymmetricCipherDocumentation
+{
+	typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<8>, AdditiveCipherTemplate<> >, ChaCha_Info<8> > Encryption;
+	typedef Encryption Decryption;
+};
+
+/// \brief ChaCha12 stream cipher
+/// \sa <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28).
+/// \since Crypto++ 5.6.4
+struct ChaCha12 : public ChaCha_Info<12>, public SymmetricCipherDocumentation
+{
+	typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<12>, AdditiveCipherTemplate<> >, ChaCha_Info<12> > Encryption;
+	typedef Encryption Decryption;
+};
+
+/// \brief ChaCha20 stream cipher
+/// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working roup's implementation for
 ///   cipher suites <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
 ///   <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
+/// \sa <a href="http://cr.yp.to/chacha/chacha-20080208.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28).
 /// \since Crypto++ 5.6.4
-struct ChaCha : public ChaCha_Info, public SymmetricCipherDocumentation
+struct ChaCha20 : public ChaCha_Info<20>, public SymmetricCipherDocumentation
 {
-	typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy, AdditiveCipherTemplate<> >, ChaCha_Info> Encryption;
+	typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<20>, AdditiveCipherTemplate<> >, ChaCha_Info<20> > Encryption;
 	typedef Encryption Decryption;
 };
 

regtest2.cpp

@@ -118,7 +118,9 @@ void RegisterFactories2()
 	RegisterSymmetricCipherDefaultFactories<CTR_Mode<AES> >();
 	RegisterSymmetricCipherDefaultFactories<Salsa20>();
 	RegisterSymmetricCipherDefaultFactories<XSalsa20>();
-	RegisterSymmetricCipherDefaultFactories<ChaCha>();
+	RegisterSymmetricCipherDefaultFactories<ChaCha8>();
+	RegisterSymmetricCipherDefaultFactories<ChaCha12>();
+	RegisterSymmetricCipherDefaultFactories<ChaCha20>();
 	RegisterSymmetricCipherDefaultFactories<Sosemanuk>();
 	RegisterSymmetricCipherDefaultFactories<Rabbit>();
 	RegisterSymmetricCipherDefaultFactories<RabbitWithIV>();