Revert "Use domain-separated ChaCha20 for in-memory key encryption"

This reverts commit 921dd8dde5d381052d0aa2936304a3541a230c55.

2 files changed, 50 insertions, 71 deletions

diff --git a/src/cryptonote_basic/account.cpp b/src/cryptonote_basic/account.cpp
index b366985ab..36ff41684 100644
--- a/src/cryptonote_basic/account.cpp
+++ b/src/cryptonote_basic/account.cpp
@@ -61,8 +61,7 @@ DISABLE_VS_WARNINGS(4244 4345)
     m_device = &hwdev;
     MCDEBUG("device", "account_keys::set_device device type: "<<typeid(hwdev).name());
   }
-
-  // Generate a derived chacha key
+  //-----------------------------------------------------------------
   static void derive_key(const crypto::chacha_key &base_key, crypto::chacha_key &key)
   {
     static_assert(sizeof(base_key) == sizeof(crypto::hash), "chacha key and hash should be the same size");
@@ -71,38 +70,25 @@ DISABLE_VS_WARNINGS(4244 4345)
     data[sizeof(base_key)] = config::HASH_KEY_MEMORY;
     crypto::generate_chacha_key(data.data(), sizeof(data), key, 1);
   }
-  
-  // Prepare IVs and start chacha for encryption
-  void account_keys::encrypt_wrapper(const crypto::chacha_key &key, const bool all_keys)
+  //-----------------------------------------------------------------
+  static epee::wipeable_string get_key_stream(const crypto::chacha_key &base_key, const crypto::chacha_iv &iv, size_t bytes)
   {
-    // Set a fresh IV only for all-key encryption
-    if (all_keys)
-      m_encryption_iv = crypto::rand<crypto::chacha_iv>();
-
-    // Now do the chacha
-    chacha_wrapper(key, all_keys);
-  }
+    // derive a new key
+    crypto::chacha_key key;
+    derive_key(base_key, key);
 
-  // Start chacha for decryption
-  void account_keys::decrypt_wrapper(const crypto::chacha_key &key, const bool all_keys)
-  {
-    chacha_wrapper(key, all_keys);
+    // chacha
+    epee::wipeable_string buffer0(std::string(bytes, '\0'));
+    epee::wipeable_string buffer1 = buffer0;
+    crypto::chacha20(buffer0.data(), buffer0.size(), key, iv, buffer1.data());
+    return buffer1;
   }
-
-  // Decrypt keys using the legacy method
-  void account_keys::decrypt_legacy(const crypto::chacha_key &key)
+  //-----------------------------------------------------------------
+  void account_keys::xor_with_key_stream(const crypto::chacha_key &key)
   {
-    // Derive domain-separated chacha key
-    crypto::chacha_key derived_key;
-    derive_key(key, derived_key);
-
-    // Build key stream
-    epee::wipeable_string temp(std::string(sizeof(crypto::secret_key)*(2 + m_multisig_keys.size()), '\0'));
-    epee::wipeable_string stream = temp;
-    crypto::chacha20(temp.data(), temp.size(), derived_key, m_encryption_iv, stream.data());
-
-    // Decrypt all keys
-    const char *ptr = stream.data();
+    // encrypt a large enough byte stream with chacha20
+    epee::wipeable_string key_stream = get_key_stream(key, m_encryption_iv, sizeof(crypto::secret_key) * (2 + m_multisig_keys.size()));
+    const char *ptr = key_stream.data();
     for (size_t i = 0; i < sizeof(crypto::secret_key); ++i)
       m_spend_secret_key.data[i] ^= *ptr++;
     for (size_t i = 0; i < sizeof(crypto::secret_key); ++i)
@@ -113,39 +99,33 @@ DISABLE_VS_WARNINGS(4244 4345)
         k.data[i] ^= *ptr++;
     }
   }
-  
-  // Perform chacha on either the view key or all keys
-  void account_keys::chacha_wrapper(const crypto::chacha_key &key, const bool all_keys)
+  //-----------------------------------------------------------------
+  void account_keys::encrypt(const crypto::chacha_key &key)
   {
-    // Derive domain-seprated chacha key
-    crypto::chacha_key derived_key;
-    derive_key(key, derived_key);
-
-    // Chacha the specified keys using the appropriate IVs
-    if (all_keys)
-    {
-      // Spend key
-      crypto::secret_key temp_key;
-      chacha20((char *) &m_spend_secret_key, sizeof(crypto::secret_key), derived_key, m_encryption_iv, (char *) &temp_key);
-      memcpy(&m_spend_secret_key, &temp_key, sizeof(crypto::secret_key));
-      memwipe(&temp_key, sizeof(crypto::secret_key));
-
-      // Multisig keys
-      std::vector<crypto::secret_key> temp_keys;
-      temp_keys.reserve(m_multisig_keys.size());
-      temp_keys.resize(m_multisig_keys.size());
-      chacha20((char *) &m_multisig_keys[0], sizeof(crypto::secret_key)*m_multisig_keys.size(), derived_key, m_encryption_iv, (char *) &temp_keys[0]);
-      memcpy(&m_multisig_keys[0], &temp_keys[0], sizeof(crypto::secret_key)*temp_keys.size());
-      memwipe(&temp_keys[0], sizeof(crypto::secret_key)*temp_keys.size());
-    }
-
-    // View key
-    crypto::secret_key temp_key;
-    chacha20((char *) &m_view_secret_key, sizeof(crypto::secret_key), derived_key, m_encryption_iv, (char *) &temp_key);
-    memcpy(&m_view_secret_key, &temp_key, sizeof(crypto::secret_key));
-    memwipe(&temp_key, sizeof(crypto::secret_key));
+    m_encryption_iv = crypto::rand<crypto::chacha_iv>();
+    xor_with_key_stream(key);
   }
-
+  //-----------------------------------------------------------------
+  void account_keys::decrypt(const crypto::chacha_key &key)
+  {
+    xor_with_key_stream(key);
+  }
+  //-----------------------------------------------------------------
+  void account_keys::encrypt_viewkey(const crypto::chacha_key &key)
+  {
+    // encrypt a large enough byte stream with chacha20
+    epee::wipeable_string key_stream = get_key_stream(key, m_encryption_iv, sizeof(crypto::secret_key) * 2);
+    const char *ptr = key_stream.data();
+    ptr += sizeof(crypto::secret_key);
+    for (size_t i = 0; i < sizeof(crypto::secret_key); ++i)
+      m_view_secret_key.data[i] ^= *ptr++;
+  }
+  //-----------------------------------------------------------------
+  void account_keys::decrypt_viewkey(const crypto::chacha_key &key)
+  {
+    encrypt_viewkey(key);
+  }
+  //-----------------------------------------------------------------
   account_base::account_base()
   {
     set_null();
diff --git a/src/cryptonote_basic/account.h b/src/cryptonote_basic/account.h
index c71c06edd..5288b9b04 100644
--- a/src/cryptonote_basic/account.h
+++ b/src/cryptonote_basic/account.h
@@ -57,15 +57,16 @@ namespace cryptonote
 
     account_keys& operator=(account_keys const&) = default;
 
-    void encrypt_wrapper(const crypto::chacha_key &key, const bool all_keys);
-    void decrypt_wrapper(const crypto::chacha_key &key, const bool all_keys);
-    void decrypt_legacy(const crypto::chacha_key &key);
+    void encrypt(const crypto::chacha_key &key);
+    void decrypt(const crypto::chacha_key &key);
+    void encrypt_viewkey(const crypto::chacha_key &key);
+    void decrypt_viewkey(const crypto::chacha_key &key);
 
     hw::device& get_device()  const ;
     void set_device( hw::device &hwdev) ;
 
   private:
-    void chacha_wrapper(const crypto::chacha_key &key, const bool all_keys);
+    void xor_with_key_stream(const crypto::chacha_key &key);
   };
 
   /************************************************************************/
@@ -99,12 +100,10 @@ namespace cryptonote
     void forget_spend_key();
     const std::vector<crypto::secret_key> &get_multisig_keys() const { return m_keys.m_multisig_keys; }
 
-    void encrypt_keys(const crypto::chacha_key &key) { m_keys.encrypt_wrapper(key, true); }
-    void encrypt_keys_same_iv(const crypto::chacha_key &key) { m_keys.decrypt_wrapper(key, true); } // encryption with the same IV is the same as decryption due to symmetry
-    void decrypt_keys(const crypto::chacha_key &key) { m_keys.decrypt_wrapper(key, true); }
-    void encrypt_viewkey(const crypto::chacha_key &key) { m_keys.encrypt_wrapper(key, false); }
-    void decrypt_viewkey(const crypto::chacha_key &key) { m_keys.decrypt_wrapper(key, false); }
-    void decrypt_legacy(const crypto::chacha_key &key) { m_keys.decrypt_legacy(key); }
+    void encrypt_keys(const crypto::chacha_key &key) { m_keys.encrypt(key); }
+    void decrypt_keys(const crypto::chacha_key &key) { m_keys.decrypt(key); }
+    void encrypt_viewkey(const crypto::chacha_key &key) { m_keys.encrypt_viewkey(key); }
+    void decrypt_viewkey(const crypto::chacha_key &key) { m_keys.decrypt_viewkey(key); }
 
     template <class t_archive>
     inline void serialize(t_archive &a, const unsigned int /*ver*/)