Restore panic upon ChaCha counter overflow

This was turned into a wrapping operation by accident.

Author: yorickpeterse

std/src/std/crypto/chacha.inko

@@ -357,8 +357,7 @@ type pub inline ChaCha {
   #
   # # Panics
   #
-  # This method panics if the value doesn't fit in the range valid for an
-  # unsigned 32-bits integer.
+  # This method panics if `value` is less than zero.
   fn pub mut counter=(value: Int) {
     if value < 0 { counter_size_error(value) } else { @matrix.set(12, value) }
   }
@@ -385,10 +384,10 @@ type pub inline ChaCha {
         i += 1
       }
 
-      # This in itself can't overflow, as the Int type is a 64-bits signed
-      # integer, and below we limit it to the range that fits in a 32-bits
-      # unsigned integer.
-      let new_size = @matrix.get(12).wrapping_add(1)
+      # The chance of this overflowing is practically zero, but we use checked
+      # arithmetic just in case so the counter doesn't silently overflow and
+      # potentially mess things up.
+      let new_size = @matrix.get(12) + 1
 
       @matrix.set(12, new_size)
 
@@ -512,8 +511,7 @@ type pub inline XChaCha {
   #
   # # Panics
   #
-  # This method panics if the value doesn't fit in the range valid for an
-  # unsigned 32-bits integer.
+  # This method panics if `value` is less than zero.
   fn pub mut counter=(value: Int) {
     @chacha.counter = value
   }

std/test/std/crypto/test_chacha.inko

@@ -388,6 +388,15 @@ fn pub tests(t: mut Tests) {
     t.equal(secret.to_string, 'hello')
   })
 
+  t.panic('ChaCha.encrypt with a counter that overflows', fn {
+    let key = ByteArray.filled(with: 1, times: 32)
+    let nonce = ByteArray.filled(with: 1, times: 12)
+    let cipher = ChaCha.new(key, nonce)
+
+    cipher.counter = INT_MAX
+    cipher.encrypt('hello'.to_byte_array)
+  })
+
   t.test('chacha.hchacha20', fn (t) {
     let key = ByteArray.from_array(
       [