Add ChaCha using SIMD_4x32

This allows supporting SSE2, NEON and AltiVec in a single codebase,
so drop the NEON and SSE2 code.

This new impl avoids having to do shuffles with every round and so
is about 10% faster on Skylake.

Also, fix bugs in both baseline and AVX2 implementations when the
low counter overflowed. The SSE2 and NEON code were also buggy here.

4 files changed, 7 insertions, 4 deletions

diff --git a/src/build-data/botan.doxy.in b/src/build-data/botan.doxy.in
index 743a6e0b4..79ac34667 100644
--- a/src/build-data/botan.doxy.in
+++ b/src/build-data/botan.doxy.in
@@ -156,7 +156,7 @@ PREDEFINED             = BOTAN_HAS_AES_ARMV8 \
                          BOTAN_HAS_AES_NI \
                          BOTAN_HAS_AES_POWER8 \
                          BOTAN_HAS_AES_SSSE3 \
-                         BOTAN_HAS_CHACHA_SSE2 \
+                         BOTAN_HAS_CHACHA_SIMD32 \
                          BOTAN_HAS_CHACHA_AVX2 \
                          BOTAN_HAS_IDEA_SSE2 \
                          BOTAN_HAS_NOEKEON_SIMD \
diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt
index f49ab79b0..763ca69e1 100644
--- a/src/build-data/policy/bsi.txt
+++ b/src/build-data/policy/bsi.txt
@@ -121,7 +121,8 @@ cfb
 
 # stream
 chacha
-chacha_sse2
+chacha_simd32
+chacha_avx2
 ofb
 rc4
 salsa20
diff --git a/src/build-data/policy/modern.txt b/src/build-data/policy/modern.txt
index 837325a2b..5f33211f7 100644
--- a/src/build-data/policy/modern.txt
+++ b/src/build-data/policy/modern.txt
@@ -65,7 +65,8 @@ aes_power8
 serpent_simd
 serpent_avx2
 threefish_512_avx2
-chacha_sse2
+chacha_simd32
+chacha_avx2
 
 sha1_sse2
 sha1_x86
diff --git a/src/build-data/policy/nist.txt b/src/build-data/policy/nist.txt
index 54a4e2830..157fc8247 100644
--- a/src/build-data/policy/nist.txt
+++ b/src/build-data/policy/nist.txt
@@ -123,7 +123,8 @@ cfb
 
 # stream
 chacha
-chacha_sse2
+chacha_simd32
+chacha_avx2
 shake_cipher
 ofb
 rc4