From bdb4719f6dfb41a6e298f8a91f9d5b1fc56bfa17 Mon Sep 17 00:00:00 2001 From: Jesper Louis Andersen Date: Tue, 21 Jan 2020 13:57:39 +0100 Subject: [PATCH] Fix AEAD parameter order / naming. The order of parameters were in the wrong order. Make them equal to the official order of libsodium. While here, rename NONCEBYTES to NPUBBYTES so it reflects the underlying names as well. --- c_src/aead.c | 16 ++++++++-------- src/enacl.erl | 26 ++++++++++++-------------- src/enacl_nif.erl | 8 ++++---- test/enacl_SUITE.erl | 7 ++++--- 4 files changed, 28 insertions(+), 29 deletions(-) diff --git a/c_src/aead.c b/c_src/aead.c index fc4f0de..4339c99 100644 --- a/c_src/aead.c +++ b/c_src/aead.c @@ -41,13 +41,13 @@ enacl_crypto_aead_chacha20poly1305_encrypt(ErlNifEnv *env, int argc, if (argc != 4) goto bad_arg; - if (!enif_inspect_binary(env, argv[0], &key)) + if (!enif_inspect_binary(env, argv[0], &message)) goto bad_arg; - if (!enif_inspect_binary(env, argv[1], &nonce)) + if (!enif_inspect_binary(env, argv[1], &ad)) goto bad_arg; - if (!enif_inspect_binary(env, argv[2], &ad)) + if (!enif_inspect_binary(env, argv[2], &nonce)) goto bad_arg; - if (!enif_inspect_binary(env, argv[3], &message)) + if (!enif_inspect_binary(env, argv[3], &key)) goto bad_arg; if (key.size != crypto_aead_chacha20poly1305_ietf_KEYBYTES) goto bad_arg; @@ -87,13 +87,13 @@ enacl_crypto_aead_chacha20poly1305_decrypt(ErlNifEnv *env, int argc, if (argc != 4) goto bad_arg; - if (!enif_inspect_binary(env, argv[0], &key)) + if (!enif_inspect_binary(env, argv[0], &ciphertext)) goto bad_arg; - if (!enif_inspect_binary(env, argv[1], &nonce)) + if (!enif_inspect_binary(env, argv[1], &ad)) goto bad_arg; - if (!enif_inspect_binary(env, argv[2], &ad)) + if (!enif_inspect_binary(env, argv[2], &nonce)) goto bad_arg; - if (!enif_inspect_binary(env, argv[3], &ciphertext)) + if (!enif_inspect_binary(env, argv[3], &message)) goto bad_arg; if (ciphertext.size < crypto_aead_chacha20poly1305_ietf_ABYTES) 
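Review bot: In the decrypt hunk the fourth argument is inspected into `message` rather than `key` (`enif_inspect_binary(env, argv[3], &message)`), so none of the visible lines fills `key` any more, although the Erlang wrapper passes the key as the fourth argument. If the rest of the function, which lies outside the hunk, still checks `key.size` or hands `key.data` to libsodium, it would be reading an uninitialised `ErlNifBinary`. The encrypt hunk reads `argv[3]` into `key`, and the decrypt side should presumably match: `if (!enif_inspect_binary(env, argv[3], &key))`.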
diff --git a/src/enacl.erl b/src/enacl.erl index 6cb0770..2a3d032 100644 --- a/src/enacl.erl +++ b/src/enacl.erl @@ -69,7 +69,7 @@ aead_chacha20poly1305_encrypt/4, aead_chacha20poly1305_decrypt/4, aead_chacha20poly1305_KEYBYTES/0, - aead_chacha20poly1305_NONCEBYTES/0, + aead_chacha20poly1305_NPUBBYTES/0, aead_chacha20poly1305_ABYTES/0, aead_chacha20poly1305_MESSAGEBYTES_MAX/0, 
@@ -1169,28 +1169,26 @@ kx_secret_key_size() -> %% `AD' using `Key' and `Nonce'. Returns the encrypted message followed by %% `aead_chacha20poly1305_ABYTES/0' bytes of MAC. %% @end --spec aead_chacha20poly1305_encrypt(Key, Nonce, AD, Msg) -> binary() | {error, term()} +-spec aead_chacha20poly1305_encrypt(Msg, AD, Nonce, Key) -> binary() | {error, term()} when Key :: binary(), - Nonce :: pos_integer(), + Nonce :: binary(), AD :: binary(), Msg :: binary(). -aead_chacha20poly1305_encrypt(Key, Nonce, AD, Msg) -> - NonceBin = <<0:32, Nonce:64/little-unsigned-integer>>, - enacl_nif:crypto_aead_chacha20poly1305_encrypt(Key, NonceBin, AD, Msg). +aead_chacha20poly1305_encrypt(Msg, AD, Nonce, Key) -> + enacl_nif:crypto_aead_chacha20poly1305_encrypt(Msg, AD, Nonce, Key). %% @doc aead_chacha20poly1305_decrypt/4 decrypts ciphertext `CT' with additional %% data `AD' using `Key' and `Nonce'. Note: `CipherText' should contain %% `aead_chacha20poly1305_ABYTES/0' bytes that is the MAC. Returns the decrypted %% message. %% @end --spec aead_chacha20poly1305_decrypt(Key, Nonce, AD, CT) -> binary() | {error, term()} +-spec aead_chacha20poly1305_decrypt(CT, AD, Nonce, Key) -> binary() | {error, term()} when Key :: binary(), - Nonce :: pos_integer(), + Nonce :: binary(), AD :: binary(), CT :: binary(). -aead_chacha20poly1305_decrypt(Key, Nonce, AD, CT) -> - NonceBin = <<0:32, Nonce:64/little-unsigned-integer>>, - enacl_nif:crypto_aead_chacha20poly1305_decrypt(Key, NonceBin, AD, CT). +aead_chacha20poly1305_decrypt(CT, AD, Nonce, Key) -> + enacl_nif:crypto_aead_chacha20poly1305_decrypt(CT, AD, Nonce, Key). %% @doc aead_chacha20poly1305_KEYBYTES/0 returns the number of bytes %% of the key used in AEAD ChaCha20 Poly1305 encryption/decryption. 
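Review bot: The `@doc` comments for `aead_chacha20poly1305_encrypt/4` and `aead_chacha20poly1305_decrypt/4` do not state the new nonce contract. `Nonce` is now a caller-supplied binary, where the wrapper used to encode an integer as `<<0:32, Nonce:64/little-unsigned-integer>>`. I would add to both docs a line such as `%% `Nonce' must be a binary of `aead_chacha20poly1305_NPUBBYTES/0' bytes and must never be reused with the same `Key'.` Callers that must decrypt data written through the old API now have to build that 12-byte encoding themselves, which deserves a sentence in the doc or the changelog.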
@@ -1199,11 +1197,11 @@ aead_chacha20poly1305_decrypt(Key, Nonce, AD, CT) -> aead_chacha20poly1305_KEYBYTES() -> enacl_nif:crypto_aead_chacha20poly1305_KEYBYTES(). -%% @doc aead_chacha20poly1305_NONCEBYTES/0 returns the number of bytes +%% @doc aead_chacha20poly1305_NPUBBYTES/0 returns the number of bytes %% of the Nonce in AEAD ChaCha20 Poly1305 encryption/decryption. %% @end --spec aead_chacha20poly1305_NONCEBYTES() -> pos_integer(). -aead_chacha20poly1305_NONCEBYTES() -> +-spec aead_chacha20poly1305_NPUBBYTES() -> pos_integer(). +aead_chacha20poly1305_NPUBBYTES() -> enacl_nif:crypto_aead_chacha20poly1305_NPUBBYTES(). %% @doc aead_chacha20poly1305_ABYTES/0 returns the number of bytes diff --git a/src/enacl_nif.erl b/src/enacl_nif.erl index a6d6ec5..dfa7b97 100644 --- a/src/enacl_nif.erl +++ b/src/enacl_nif.erl 
@@ -272,15 +272,15 @@ crypto_stream_b(_Bytes, _Nonce, _Key) -> erlang:nif_error(nif_not_loaded). crypto_stream_xor(_M, _Nonce, _Key) -> erlang:nif_error(nif_not_loaded). crypto_stream_xor_b(_M, _Nonce, _Key) -> erlang:nif_error(nif_not_loaded). -crypto_aead_chacha20poly1305_encrypt(_Key, _Nonce, _AD, _Message) -> erlang:nif_error(nif_not_loaded). -crypto_aead_chacha20poly1305_decrypt(_Key, _Nonce, _AD, _Message) -> erlang:nif_error(nif_not_loaded). +crypto_aead_chacha20poly1305_encrypt(_Message, _AD, _Nonce, _Key) -> erlang:nif_error(nif_not_loaded). +crypto_aead_chacha20poly1305_decrypt(_CipherText, _AD, _Nonce, _Key) -> erlang:nif_error(nif_not_loaded). crypto_aead_chacha20poly1305_KEYBYTES() -> erlang:nif_error(nif_not_loaded). crypto_aead_chacha20poly1305_NPUBBYTES() -> erlang:nif_error(nif_not_loaded). crypto_aead_chacha20poly1305_ABYTES() -> erlang:nif_error(nif_not_loaded). crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX() -> erlang:nif_error(nif_not_loaded). -crypto_aead_xchacha20poly1305_encrypt(_Key, _Nonce, _AD, _Message) -> erlang:nif_error(nif_not_loaded). -crypto_aead_xchacha20poly1305_decrypt(_Key, _Nonce, _AD, _Message) -> erlang:nif_error(nif_not_loaded). +crypto_aead_xchacha20poly1305_encrypt(_Message, _AD, _Nonce, _Key) -> erlang:nif_error(nif_not_loaded). +crypto_aead_xchacha20poly1305_decrypt(_CipherText, _AD, _Nonce, _Key) -> erlang:nif_error(nif_not_loaded). crypto_aead_xchacha20poly1305_KEYBYTES() -> erlang:nif_error(nif_not_loaded). crypto_aead_xchacha20poly1305_NPUBBYTES() -> erlang:nif_error(nif_not_loaded). crypto_aead_xchacha20poly1305_ABYTES() -> erlang:nif_error(nif_not_loaded). diff --git a/test/enacl_SUITE.erl b/test/enacl_SUITE.erl index 8ff5b5c..b752bba 100644 --- a/test/enacl_SUITE.erl +++ b/test/enacl_SUITE.erl 
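Review bot: The `crypto_aead_xchacha20poly1305_encrypt/4` and `crypto_aead_xchacha20poly1305_decrypt/4` stubs are renamed to `(_Message, _AD, _Nonce, _Key)` and `(_CipherText, _AD, _Nonce, _Key)`, but the two `c_src/aead.c` hunks in this patch only touch the chacha20poly1305 functions. If the xchacha20poly1305 C code and its `enacl.erl` wrappers still take the key first, these stub names now document an order the NIF does not implement. It is worth confirming that the xchacha path was already in libsodium order, or changing it in the same commit so both AEAD variants agree.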
@@ -103,14 +103,15 @@ aead_xchacha20poly1305(_Config) -> ok. aead_chacha20poly1305(_Config) -> + NonceLen = enacl:aead_chacha20poly1305_NPUBBYTES(), KLen = enacl:aead_chacha20poly1305_KEYBYTES(), Key = binary:copy(<<"K">>, KLen), Msg = <<"test">>, AD = <<1,2,3,4,5,6>>, - Nonce = 1337, + Nonce = binary:copy(<<"N">>, NonceLen), - CipherText = enacl:aead_chacha20poly1305_encrypt(Key, Nonce, AD, Msg), - Msg = enacl:aead_chacha20poly1305_decrypt(Key, Nonce, AD, CipherText), + CipherText = enacl:aead_chacha20poly1305_encrypt(Msg, AD, Nonce, Key), + Msg = enacl:aead_chacha20poly1305_decrypt(CipherText, AD, Nonce, Key), ok. pwhash(_Config) ->
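Review bot: The updated `aead_chacha20poly1305` case only asserts a successful round trip, which passes for any argument order that encrypt and decrypt happen to agree on and never exercises authentication failure. I would add a negative assertion such as `{error, _} = enacl:aead_chacha20poly1305_decrypt(CipherText, <<"other">>, Nonce, Key)`; the spec gives `{error, term()}` as the failure shape, so the exact reason should be confirmed. A published ChaCha20-Poly1305 test vector would additionally pin the parameter order against libsodium rather than against the wrapper itself.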