From d2817487e8f671d67e968cc1b0483afb237f89d7 Mon Sep 17 00:00:00 2001
From: Lucas Gabriel Vuotto <lucas@lgv5.net>
Date: Sun, 9 Jun 2024 02:19:51 +0000
Subject: [PATCH] aead/chacha20-poly1305: inline anycrypt

Also use decrypt for the decryption path instead of relying on ChaCha20
using the same stream for encryption and decryption.
---
 aead_chacha20_poly1305.c | 54 ++++++++++++++++++++++++----------------
 1 file changed, 33 insertions(+), 21 deletions(-)

diff --git a/aead_chacha20_poly1305.c b/aead_chacha20_poly1305.c
index 22e3e66..e01d000 100644
--- a/aead_chacha20_poly1305.c
+++ b/aead_chacha20_poly1305.c
@@ -48,23 +48,6 @@ aead_poly1305_keysetup(struct lc_cipher_ctx *cctx,
 	return akeylen == LC_POLY1305_KEYLEN;
 }
 
-static int
-aead_poly1305_anycrypt(struct lc_cipher_ctx *cctx, uint8_t *out,
-    size_t *outlen, const void *initparams, const uint8_t *in, size_t inlen)
-{
-	size_t	olen;
-
-	if (!lc_cipher_encrypt_init(cctx, initparams) ||
-	    !lc_cipher_encrypt_update(cctx, out, &olen, in, inlen))
-		return 0;
-	*outlen = olen;
-	if (!lc_cipher_encrypt_final(cctx, out + olen, &olen))
-		return 0;
-	*outlen += olen;
-
-	return *outlen == inlen;
-}
-
 static int
 chacha20_poly1305_seal(uint8_t *out, size_t *outlen, const void *initparams,
     const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen)
@@ -118,7 +101,14 @@ chacha20_poly1305_seal(uint8_t *out, size_t *outlen, const void *initparams,
 			goto cleanup;
 
 	cparams.counter = 1;
-	if (!aead_poly1305_anycrypt(cctx, out, outlen, &cparams, in, inlen))
+	if (!lc_cipher_encrypt_init(cctx, &cparams) ||
+	    !lc_cipher_encrypt_update(cctx, out, &olen, in, inlen))
+		goto cleanup;
+	*outlen = olen;
+	if (!lc_cipher_encrypt_final(cctx, out + olen, &olen))
+		goto cleanup;
+	*outlen += olen;
+	if (*outlen != inlen)
 		goto cleanup;
 
 	if (!lc_auth_update(actx, out, inlen))
@@ -200,7 +190,14 @@ xchacha20_poly1305_seal(uint8_t *out, size_t *outlen, const void *initparams,
 			goto cleanup;
 
 	cparams.counter = 1;
-	if (!aead_poly1305_anycrypt(cctx, out, outlen, &cparams, in, inlen))
+	if (!lc_cipher_encrypt_init(cctx, &cparams) ||
+	    !lc_cipher_encrypt_update(cctx, out, &olen, in, inlen))
+		goto cleanup;
+	*outlen = olen;
+	if (!lc_cipher_encrypt_final(cctx, out + olen, &olen))
+		goto cleanup;
+	*outlen += olen;
+	if (*outlen != inlen)
 		goto cleanup;
 
 	if (!lc_auth_update(actx, out, inlen))
@@ -301,8 +298,16 @@ chacha20_poly1305_open(uint8_t *out, size_t *outlen, const void *initparams,
 		goto cleanup;
 
 	cparams.counter = 1;
-	if (!aead_poly1305_anycrypt(cctx, out, outlen, &cparams, in, ctlen))
+	if (!lc_cipher_decrypt_init(cctx, &cparams) ||
+	    !lc_cipher_decrypt_update(cctx, out, &olen, in, ctlen))
 		goto cleanup;
+	*outlen = olen;
+	if (!lc_cipher_decrypt_final(cctx, out + olen, &olen))
+		goto cleanup;
+	*outlen += olen;
+	if (*outlen != ctlen)
+		goto cleanup;
+
 	ret = 1;
 
  cleanup:
@@ -388,7 +393,14 @@ xchacha20_poly1305_open(uint8_t *out, size_t *outlen, const void *initparams,
 		goto cleanup;
 
 	cparams.counter = 1;
-	if (!aead_poly1305_anycrypt(cctx, out, outlen, &cparams, in, ctlen))
+	if (!lc_cipher_decrypt_init(cctx, &cparams) ||
+	    !lc_cipher_decrypt_update(cctx, out, &olen, in, ctlen))
+		goto cleanup;
+	*outlen = olen;
+	if (!lc_cipher_decrypt_final(cctx, out + olen, &olen))
+		goto cleanup;
+	*outlen += olen;
+	if (*outlen != ctlen)
 		goto cleanup;
 	ret = 1;