reverted 'remaining_blocks()' and backends due to #444

Author: nstilt1

chacha20/src/backends/avx2.rs

@@ -55,9 +55,7 @@ where
     f.call(&mut backend);
 
     state[12] = _mm256_extract_epi32(backend.ctr[0], 0) as u32;
-    if size_of::<V::Counter>() == 8 {
-        state[13] = _mm256_extract_epi32(backend.ctr[0], 1) as u32;
-    }
+    state[13] = _mm256_extract_epi32(backend.ctr[0], 1) as u32;
 }
 
 #[inline]

chacha20/src/backends/neon.rs

@@ -70,14 +70,10 @@ where
 
     f.call(&mut backend);
 
-    if size_of::<V::Counter>() == 8 {
-        vst1q_u64(
-            state.as_mut_ptr().offset(12) as *mut u64,
-            vreinterpretq_u64_u32(backend.state[3]),
-        );
-    } else {
-        state[12] = vgetq_lane_u32(backend.state[3], 0);
-    }
+    vst1q_u64(
+        state.as_mut_ptr().offset(12) as *mut u64,
+        vreinterpretq_u64_u32(backend.state[3]),
+    );
 }
 
 #[inline]

chacha20/src/backends/soft.rs

@@ -33,9 +33,7 @@ impl<R: Rounds, V: Variant> StreamCipherBackend for Backend<'_, R, V> {
             self.0.state[12] = v;
         } else {
             self.0.state[12] = 0;
-            if size_of::<V::Counter>() == 8 {
-                self.0.state[13] = self.0.state[13].wrapping_add(1);
-            }
+            self.0.state[13] = self.0.state[13].wrapping_add(1);
         }
 
         for (chunk, val) in block.chunks_exact_mut(4).zip(res.iter()) {

chacha20/src/backends/sse2.rs

@@ -43,9 +43,7 @@ where
     f.call(&mut backend);
 
     state[12] = _mm_cvtsi128_si32(backend.v[3]) as u32;
-    if size_of::<V::Counter>() == 8 {
-        state[13] = _mm_extract_epi32(backend.v[3], 1) as u32;
-    }
+    state[13] = _mm_extract_epi32(backend.v[3], 1) as u32;
 }
 
 struct Backend<R: Rounds> {

chacha20/src/variants.rs

@@ -45,13 +45,7 @@ impl Variant for Ietf {
     }
     #[inline(always)]
     fn remaining_blocks(block_pos: Self::Counter) -> Option<usize> {
-        let total_blocks = 1u64 << 32;
-        let rem = total_blocks - block_pos as u64;
-        #[cfg(target_pointer_width = "32")]
-        if rem > usize::MAX as u64 {
-            return None;
-        }
-        rem.try_into().ok()
+        (u32::MAX - block_pos).try_into().ok()
     }
 }
 
@@ -76,8 +70,9 @@ impl Variant for Legacy {
     }
     #[inline(always)]
     fn remaining_blocks(block_pos: Self::Counter) -> Option<usize> {
-        let remaining = (1u128 << 64) - block_pos as u128;
-        if remaining > usize::MAX as u128 {
+        let remaining = u64::MAX - block_pos;
+        #[cfg(target_pointer_width = "32")]
+        if remaining > usize::MAX as u64 {
             return None;
         }
         remaining.try_into().ok()

chacha20/tests/kats.rs

@@ -108,7 +108,7 @@ mod chacha20test {
                 let mut buf_2 = [0u8; $num_blocks * 64 + 1];
 
                 // seek to end of keystream
-                let pos = (1 << 32) * 64 - $num_blocks * 64;
+                let pos = (1 << 32) * 64 - $num_blocks * 64 - 64;
                 cipher.try_seek(pos).unwrap();
                 assert_eq!(cipher.current_pos::<u64>(), pos);
 
@@ -119,8 +119,11 @@ mod chacha20test {
                 // exhaust keystream
                 cipher.apply_keystream(&mut buf_1);
 
+                // verify that we cannot write another byte
+                assert!(cipher.try_apply_keystream(&mut [0u8; 1]).is_err());
+
                 // seek to beginning and check if the first block is the same as before
-                //cipher.seek(0);
+                cipher.seek(0);
                 assert_eq!(cipher.current_pos::<u64>(), 0);
                 cipher.apply_keystream(&mut first_4_blocks);