13 NAMESPACE_BEGIN(CryptoPP)
// ChaCha quarter round over four 32-bit words a, b, c, d: four add / xor /
// rotate-left steps with rotation distances 16, 12, 8 and 7.
// Only addition, XOR and fixed-distance rotation appear here; the macro body
// contains no branch or table index that depends on the operand values.
// NOTE(review): the expansion is a run of bare statements (no do { } while (0)
// wrapper) and the arguments are not parenthesised, so it is only safe when
// used as a standalone statement with plain lvalue names, which is how the
// visible call sites in this file use it. Do not place it under an unbraced
// if/else or pass expressions with side effects.
15 #define CHACHA_QUARTER_ROUND(a,b,c,d) \
16 a += b; d ^= a; d = rotlFixed<word32>(d,16); \
17 c += d; b ^= c; b = rotlFixed<word32>(b,12); \
18 a += b; d ^= a; d = rotlFixed<word32>(d, 8); \
19 c += d; b ^= c; b = rotlFixed<word32>(b, 7);
// Compiled only when CRYPTOPP_DEBUG is set and Doxygen is not processing the
// file. The function body is not part of this listing; from the name it
// presumably forces the ChaCha templates to be instantiated. Confirm against
// the full source.
21 #if CRYPTOPP_DEBUG && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
22 void ChaCha_TestInstantiations()
// Key-setup fragment of a member template parameterised on the round count R.
// The signature, braces and several statements (including the declarations of
// get1 and get2) are missing from this listing.
30 template <
unsigned int R>
// params is intentionally ignored by this routine.
33 CRYPTOPP_UNUSED(params);
// State words 0-3 hold the fixed constants. Read as little-endian ASCII the
// four words spell "expand 32-byte k", or "expand 16-byte k" when length == 16.
// NOTE(review): every length other than 16 selects the 32-byte constants, and
// nothing in the visible lines validates length. The key-size check must
// therefore happen before this point; confirm in the caller / base class.
37 m_state[0] = 0x61707865;
38 m_state[1] = (length == 16) ? 0x3120646e : 0x3320646e;
39 m_state[2] = (length == 16) ? 0x79622d36 : 0x79622d32;
40 m_state[3] = 0x6b206574;
// get1 fills state words 4-7 and get2 fills words 8-11. Presumably both read
// key bytes, with get2 re-reading the same 16 bytes for a 16-byte key; their
// definitions are not shown here, so verify against the full source.
43 get1(m_state[4])(m_state[5])(m_state[6])(m_state[7]);
46 get2(m_state[8])(m_state[9])(m_state[10])(m_state[11]);
// IV-resynchronisation fragment of a member template parameterised on R.
// The signature and the declaration of get are missing from this listing.
49 template <
unsigned int R>
// keystreamBuffer and length are intentionally ignored.
52 CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
// Words 12 and 13 are reset to zero. They are the words the keystream loop
// advances after each block (see the carry into m_state[13] at line 144), so
// every resynchronisation restarts the block counter at zero.
56 m_state[12] = m_state[13] = 0;
// Words 14 and 15 are loaded through get, presumably from the caller's IV.
// Because the counter restarts at zero, supplying the same IV again under the
// same key regenerates the identical keystream; IV uniqueness per key is the
// caller's responsibility.
// NOTE(review): only two state words carry the IV. If they are 32-bit words,
// as the word32 working variables in the keystream loop suggest, the IV is
// 64 bits wide: fine for a counter or sequence number, but randomly chosen
// IVs risk collisions at high message volumes.
57 get(m_state[14])(m_state[15]);
// Fragment of a member template parameterised on R that takes an
// iterationCount argument. The signature and the rest of the body are missing
// from this listing.
60 template<
unsigned int R>
// iterationCount is explicitly marked unused, so this routine does not
// reposition the keystream from it.
// NOTE(review): confirm in the full source what this routine does instead
// (for example, whether it reports that seeking is not implemented) before
// relying on random access into the keystream.
63 CRYPTOPP_UNUSED(iterationCount);
// Fragment of a member template parameterised on R that reports a required
// data alignment. The signature and the #else / #endif lines are missing from
// this listing.
73 template<
unsigned int R>
// The trailing "&& 0" makes this condition always false, so whatever the
// SSE2-specific branch contained is compiled out.
76 #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && 0
// Presumably the fallback branch and therefore the value actually returned:
// the alignment of word32. Confirm the branch structure in the full source.
81 return GetAlignmentOf<word32>();
// Fragment of a member template parameterised on R that reports a preferred
// block size. The signature and the #else / #endif lines are missing from
// this listing.
84 template<
unsigned int R>
// Always false because of the trailing "&& 0", so the SSE2 sizing below is
// compiled out.
87 #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && 0
// Disabled SSE2 branch: four iterations' worth of bytes.
89 return 4*BYTES_PER_ITERATION;
// Presumably the branch in effect: one iteration's worth of bytes. Confirm
// the branch structure in the full source.
92 return BYTES_PER_ITERATION;
// Keystream-generation fragment of a member template parameterised on R.
// The signature, the braces and the statements between the numbered lines are
// missing from this listing.
95 template<
unsigned int R>
// Working copy of the 16 state words; m_state itself is not modified by the
// rounds.
// NOTE(review): these locals hold the pre-output cipher state and no wipe is
// visible in this listing. Check the full source if stack hygiene matters for
// your threat model.
98 word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
// One pass of this loop per requested iteration.
100 while (iterationCount--)
// Start each iteration from the current state words.
102 x0 = m_state[0]; x1 = m_state[1]; x2 = m_state[2]; x3 = m_state[3];
103 x4 = m_state[4]; x5 = m_state[5]; x6 = m_state[6]; x7 = m_state[7];
104 x8 = m_state[8]; x9 = m_state[9]; x10 = m_state[10]; x11 = m_state[11];
105 x12 = m_state[12]; x13 = m_state[13]; x14 = m_state[14]; x15 = m_state[15];
// i counts down from ROUNDS in steps of two, so each pass applies two rounds:
// four quarter rounds on the columns, then four on the diagonals.
107 for (
int i = static_cast<int>(ROUNDS); i > 0; i -= 2)
// Column round: (0,4,8,12) (1,5,9,13) (2,6,10,14) (3,7,11,15).
109 CHACHA_QUARTER_ROUND(x0, x4, x8, x12);
110 CHACHA_QUARTER_ROUND(x1, x5, x9, x13);
111 CHACHA_QUARTER_ROUND(x2, x6, x10, x14);
112 CHACHA_QUARTER_ROUND(x3, x7, x11, x15);
// Diagonal round: (0,5,10,15) (1,6,11,12) (2,7,8,13) (3,4,9,14).
114 CHACHA_QUARTER_ROUND(x0, x5, x10, x15);
115 CHACHA_QUARTER_ROUND(x1, x6, x11, x12);
116 CHACHA_QUARTER_ROUND(x2, x7, x8, x13);
117 CHACHA_QUARTER_ROUND(x3, x4, x9, x14);
// Output step, defined as a macro inside the function body. Each of the 16
// output words is the mixed working word plus the matching original state
// word (feed-forward), passed to CRYPTOPP_KEYSTREAM_OUTPUT_WORD with
// LITTLE_ENDIAN_ORDER. The feed-forward addition is what keeps the block
// function from being inverted back to the key-bearing state.
// NOTE(review): no matching #undef is visible in this listing.
121 #define CHACHA_OUTPUT(x){\
122 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, x0 + m_state[0]);\
123 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, x1 + m_state[1]);\
124 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, x2 + m_state[2]);\
125 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, x3 + m_state[3]);\
126 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 4, x4 + m_state[4]);\
127 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 5, x5 + m_state[5]);\
128 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 6, x6 + m_state[6]);\
129 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 7, x7 + m_state[7]);\
130 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 8, x8 + m_state[8]);\
131 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 9, x9 + m_state[9]);\
132 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 10, x10 + m_state[10]);\
133 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 11, x11 + m_state[11]);\
134 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 12, x12 + m_state[12]);\
135 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 13, x13 + m_state[13]);\
136 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 14, x14 + m_state[14]);\
137 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 15, x15 + m_state[15]);}
// The lines guarded here are hidden from Doxygen; the guarded statements
// themselves are not part of this listing.
139 #ifndef CRYPTOPP_DOXYGEN_PROCESSING
// Branch-free carry: adds 1 to m_state[13] exactly when m_state[12] is zero.
// Presumably the preceding line (not shown) increments m_state[12], making
// words 12 and 13 a 64-bit block counter. Confirm against the full source.
// Letting this counter wrap under one key and IV would repeat keystream.
144 m_state[13] +=
static_cast<word32
>(m_state[12] == 0);