From d4248be25d42b8075014a2f2a19d545489dbabc4 Mon Sep 17 00:00:00 2001
From: Jonathan Rudenberg <jonathan@titanous.com>
Date: Tue, 12 Jul 2016 21:32:38 -0400
Subject: [PATCH] Add method to get Cipher from CipherState

Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
---
 state.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/state.go b/state.go
index 5cfa789..c648ad1 100644
--- a/state.go
+++ b/state.go
@@ -10,20 +10,39 @@ type CipherState struct {
 	c  Cipher
 	k  [32]byte
 	n  uint64
+
+	invalid bool
 }
 
 func (s *CipherState) Encrypt(out, ad, plaintext []byte) []byte {
+	if s.invalid {
+		panic("noise: CipherSuite has been copied, state is invalid")
+	}
 	out = s.c.Encrypt(out, s.n, ad, plaintext)
 	s.n++
 	return out
 }
 
 func (s *CipherState) Decrypt(out, ad, ciphertext []byte) ([]byte, error) {
+	if s.invalid {
+		panic("noise: CipherSuite has been copied, state is invalid")
+	}
 	out, err := s.c.Decrypt(out, s.n, ad, ciphertext)
 	s.n++
 	return out, err
 }
 
+// Cipher returns the low-level symmetric encryption primitive. It should only
+// be used if nonces need to be managed manually, for example with a network
+// protocol that can deliver out-of-order messages. This is dangerous, users
+// must ensure that they are incrementing a nonce after every encrypt operation.
+// After calling this method, it is an error to call Encrypt/Decrypt on the
+// CipherState.
+func (s *CipherState) Cipher() Cipher {
+	s.invalid = true
+	return s.c
+}
+
 type symmetricState struct {
 	CipherState
 	hasK   bool