Make ChaCha an Salsa use the same design pattern

TestVectors/chacha.txt

@@ -1,5 +1,5 @@
 AlgorithmType: SymmetricCipher
-Name: ChaCha8
+Name: ChaCha
 Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors
 Comment: TC1 - All zero key and IV (16-byte key).
 Key: r16 00
@@ -40,7 +40,7 @@ Ciphertext: 2b8f4bb3798306ca5130d47c4f8d4ed13aa0edccc1be6942090faeeca0d7599b7ff0
 Test: Encrypt
 
 AlgorithmType: SymmetricCipher
-Name: ChaCha12
+Name: ChaCha
 Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors
 Comment: TC1 - All zero key and IV (16-byte key).
 Key: r16 00
@@ -81,7 +81,7 @@ Ciphertext: 64b8bdf87b828c4b6dbaf7ef698de03df8b33f635714418f9836ade59be1296946c9
 Test: Encrypt
 
 AlgorithmType: SymmetricCipher
-Name: ChaCha20
+Name: ChaCha
 Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors
 Comment: TC1 - All zero key and IV (16-byte key).
 Key: r16 00

bench2.cpp

@@ -138,9 +138,9 @@ void Benchmark2(double t, double hertz)
 		BenchMarkByName<SymmetricCipher>("Salsa20");
 		BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/12", MakeParameters(Name::Rounds(), 12));
 		BenchMarkByName<SymmetricCipher>("Salsa20", 0, "Salsa20/8", MakeParameters(Name::Rounds(), 8));
-		BenchMarkByName<SymmetricCipher>("ChaCha8");
+		BenchMarkByName<SymmetricCipher>("ChaCha");
-		BenchMarkByName<SymmetricCipher>("ChaCha12");
+		BenchMarkByName<SymmetricCipher>("ChaCha", 0, "ChaCha/12", MakeParameters(Name::Rounds(), 12));
-		BenchMarkByName<SymmetricCipher>("ChaCha20");
+		BenchMarkByName<SymmetricCipher>("ChaCha", 0, "ChaCha/8", MakeParameters(Name::Rounds(), 8));
 		BenchMarkByName<SymmetricCipher>("Sosemanuk");
 		BenchMarkByName<SymmetricCipher>("Rabbit");
 		BenchMarkByName<SymmetricCipher>("RabbitWithIV");

chacha.cpp

@@ -20,18 +20,19 @@ NAMESPACE_BEGIN(CryptoPP)
 #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 void ChaCha_TestInstantiations()
 {
-	ChaCha8::Encryption x1;
+	ChaCha8::Encryption x;
-	ChaCha12::Encryption x2;
-	ChaCha20::Encryption x3;
 }
 #endif
 
-template<unsigned int R>
+void ChaCha_Policy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
-void ChaCha_Policy<R>::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
 {
 	CRYPTOPP_UNUSED(params);
 	CRYPTOPP_ASSERT(length == 16 || length == 32);
 
+	m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20);
+	if (!(m_rounds == 8 || m_rounds == 12 || m_rounds == 20))
+		throw InvalidRounds(ChaCha::StaticAlgorithmName(), m_rounds);
+
 	// "expand 16-byte k" or "expand 32-byte k"
 	m_state[0] = 0x61707865;
 	m_state[1] = (length == 16) ? 0x3120646e : 0x3320646e;
@@ -45,8 +46,7 @@ void ChaCha_Policy<R>::CipherSetKey(const NameValuePairs &params, const byte *ke
 	get2(m_state[8])(m_state[9])(m_state[10])(m_state[11]);
 }
 
-template<unsigned int R>
+void ChaCha_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)
-void ChaCha_Policy<R>::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)
 {
 	CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
 	CRYPTOPP_ASSERT(length==8);
@@ -56,11 +56,10 @@ void ChaCha_Policy<R>::CipherResynchronize(byte *keystreamBuffer, const byte *IV
 	get(m_state[14])(m_state[15]);
 }
 
-template<unsigned int R>
+void ChaCha_Policy::SeekToIteration(lword iterationCount)
-void ChaCha_Policy<R>::SeekToIteration(lword iterationCount)
 {
 	CRYPTOPP_UNUSED(iterationCount);
-	throw NotImplemented(std::string(ChaCha_Info<R>::StaticAlgorithmName()) + ":  SeekToIteration is not yet implemented");
+	throw NotImplemented(std::string(ChaCha_Info::StaticAlgorithmName()) + ":  SeekToIteration is not yet implemented");
 
 	// TODO: these were Salsa20, and Wei re-arranged the state array for SSE2 operations.
 	// If we can generate some out-of-band test vectors, then test and implement. Also
@@ -69,8 +68,7 @@ void ChaCha_Policy<R>::SeekToIteration(lword iterationCount)
 	// m_state[5] = (word32)SafeRightShift<32>(iterationCount);
 }
 
-template<unsigned int R>
+unsigned int ChaCha_Policy::GetAlignment() const
-unsigned int ChaCha_Policy<R>::GetAlignment() const
 {
 #if CRYPTOPP_SSE2_ASM_AVAILABLE && 0
 	if (HasSSE2())
@@ -80,8 +78,7 @@ unsigned int ChaCha_Policy<R>::GetAlignment() const
 		return GetAlignmentOf<word32>();
 }
 
-template<unsigned int R>
+unsigned int ChaCha_Policy::GetOptimalBlockSize() const
-unsigned int ChaCha_Policy<R>::GetOptimalBlockSize() const
 {
 #if CRYPTOPP_SSE2_ASM_AVAILABLE && 0
 	if (HasSSE2())
@@ -91,8 +88,7 @@ unsigned int ChaCha_Policy<R>::GetOptimalBlockSize() const
 		return BYTES_PER_ITERATION;
 }
 
-template<unsigned int R>
+void ChaCha_Policy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
-void ChaCha_Policy<R>::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
 {
 	word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
 
@@ -103,7 +99,7 @@ void ChaCha_Policy<R>::OperateKeystream(KeystreamOperation operation, byte *outp
 		x8 = m_state[8];	x9 = m_state[9];	x10 = m_state[10];	x11 = m_state[11];
 		x12 = m_state[12];	x13 = m_state[13];	x14 = m_state[14];	x15 = m_state[15];
 
-		for (int i = static_cast<int>(ROUNDS); i > 0; i -= 2)
+		for (int i = static_cast<int>(m_rounds); i > 0; i -= 2)
 		{
 			CHACHA_QUARTER_ROUND(x0, x4,  x8, x12);
 			CHACHA_QUARTER_ROUND(x1, x5,  x9, x13);
@@ -144,8 +140,4 @@ void ChaCha_Policy<R>::OperateKeystream(KeystreamOperation operation, byte *outp
 	}
 }
 
-template class ChaCha_Policy<8>;
-template class ChaCha_Policy<12>;
-template class ChaCha_Policy<20>;
-
 NAMESPACE_END

chacha.h

@@ -20,21 +20,18 @@ NAMESPACE_BEGIN(CryptoPP)
 
 /// \brief ChaCha stream cipher information
 /// \since Crypto++ 5.6.4
-template <unsigned int R>
+struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>
-struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>, public FixedRounds<R>
 {
-	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {
+	static const char* StaticAlgorithmName() {
-		return (R==8?"ChaCha8":(R==12?"ChaCha12":(R==20?"ChaCha20":"ChaCha")));
+		return "ChaCha";
 	}
 };
 
 /// \brief ChaCha stream cipher implementation
 /// \since Crypto++ 5.6.4
-template <unsigned int R>
 class CRYPTOPP_NO_VTABLE ChaCha_Policy : public AdditiveCipherConcretePolicy<word32, 16>
 {
 protected:
-	CRYPTOPP_CONSTANT(ROUNDS=FixedRounds<R>::ROUNDS)
 	void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
 	void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
 	void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
@@ -47,33 +44,17 @@ protected:
 	int m_rounds;
 };
 
-/// \brief ChaCha8 stream cipher
+/// \brief ChaCha stream cipher
-/// \sa <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28).
+/// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working
-/// \since Crypto++ 5.6.4
+///   group's implementation for cipher suites
-struct ChaCha8 : public ChaCha_Info<8>, public SymmetricCipherDocumentation
+///   <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
-{
+///   <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and
-	typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<8>, AdditiveCipherTemplate<> >, ChaCha_Info<8> > Encryption;
+///   <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
-	typedef Encryption Decryption;
-};
-
-/// \brief ChaCha12 stream cipher
-/// \sa <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28).
-/// \since Crypto++ 5.6.4
-struct ChaCha12 : public ChaCha_Info<12>, public SymmetricCipherDocumentation
-{
-	typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<12>, AdditiveCipherTemplate<> >, ChaCha_Info<12> > Encryption;
-	typedef Encryption Decryption;
-};
-
-/// \brief ChaCha20 stream cipher
-/// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working roup's implementation for
-///   cipher suites <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
-///   <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
 /// \sa <a href="http://cr.yp.to/chacha/chacha-20080208.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28).
 /// \since Crypto++ 5.6.4
-struct ChaCha20 : public ChaCha_Info<20>, public SymmetricCipherDocumentation
+struct ChaCha : public ChaCha_Info, public SymmetricCipherDocumentation
 {
-	typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<20>, AdditiveCipherTemplate<> >, ChaCha_Info<20> > Encryption;
+	typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy, AdditiveCipherTemplate<> >, ChaCha_Info > Encryption;
 	typedef Encryption Decryption;
 };
 

regtest2.cpp

@@ -92,9 +92,7 @@ void RegisterFactories3()
 
 	RegisterSymmetricCipherDefaultFactories<Salsa20>();
 	RegisterSymmetricCipherDefaultFactories<XSalsa20>();
-	RegisterSymmetricCipherDefaultFactories<ChaCha8>();
+	RegisterSymmetricCipherDefaultFactories<ChaCha>();
-	RegisterSymmetricCipherDefaultFactories<ChaCha12>();
-	RegisterSymmetricCipherDefaultFactories<ChaCha20>();
 	RegisterSymmetricCipherDefaultFactories<Sosemanuk>();
 	RegisterSymmetricCipherDefaultFactories<Rabbit>();
 	RegisterSymmetricCipherDefaultFactories<RabbitWithIV>();