+ crypto_stream_chacha20_xor_ic() to set the initial value of the block counter

src/libsodium/crypto_stream/chacha20/ref/api.h

@@ -6,7 +6,7 @@ crypto_stream_chacha20_ref(unsigned char *c, unsigned long long clen,
                            const unsigned char *n, const unsigned char *k);
 
 int
-crypto_stream_chacha20_ref_xor(unsigned char *c, const unsigned char *m,
-                               unsigned long long mlen, const unsigned char *n,
-                               const unsigned char *k);
-
+crypto_stream_chacha20_ref_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k);

src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c

@@ -248,19 +248,28 @@ crypto_stream_chacha20_ref(unsigned char *c, unsigned long long clen,
 }
 
 int
-crypto_stream_chacha20_ref_xor(unsigned char *c, const unsigned char *m,
-                               unsigned long long mlen, const unsigned char *n,
-                               const unsigned char *k)
+crypto_stream_chacha20_ref_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k)
 {
     struct chacha_ctx ctx;
+    uint8_t           ic_bytes[8];
+    uint32_t          ic_high;
+    uint32_t          ic_low;
 
     if (!mlen) {
         return 0;
     }
+    ic_high = U32V(ic >> 32);
+    ic_low = U32V(ic);
+    U32TO8_LITTLE(&ic_bytes[0], ic_low);
+    U32TO8_LITTLE(&ic_bytes[4], ic_high);
     chacha_keysetup(&ctx, k);
-    chacha_ivsetup(&ctx, n, NULL);
+    chacha_ivsetup(&ctx, n, ic_bytes);
     chacha_encrypt_bytes(&ctx, m, c, mlen);
     sodium_memzero(&ctx, sizeof ctx);
+    sodium_memzero(ic_bytes, sizeof ic_bytes);
 
     return 0;
 }

src/libsodium/crypto_stream/chacha20/stream_chacha20_api.c

@@ -18,10 +18,19 @@ crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
     return crypto_stream_chacha20_ref(c, clen, n, k);
 }
 
+int
+crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                              unsigned long long mlen,
+                              const unsigned char *n, uint64_t ic,
+                              const unsigned char *k)
+{
+    return crypto_stream_chacha20_ref_xor_ic(c, m, mlen, n, ic, k);
+}
+
 int
 crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
                            unsigned long long mlen, const unsigned char *n,
                            const unsigned char *k)
 {
-    return crypto_stream_chacha20_ref_xor(c, m, mlen, n, k);
+    return crypto_stream_chacha20_ref_xor_ic(c, m, mlen, n, 0U, k);
 }

src/libsodium/include/sodium/crypto_stream_chacha20.h

@@ -10,6 +10,7 @@
  */
 
 #include <stddef.h>
+#include <stdint.h>
 #include "export.h"
 
 #ifdef __cplusplus
@@ -36,6 +37,11 @@ int crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
                                unsigned long long mlen, const unsigned char *n,
                                const unsigned char *k);
 
+SODIUM_EXPORT
+int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k);
 #ifdef __cplusplus
 }
 #endif