4 files changed, 42 insertions, 33 deletions

diff --git a/src/crypto/CMakeLists.txt b/src/crypto/CMakeLists.txt
index 1e06a0dfd..fd71a87e7 100644
--- a/src/crypto/CMakeLists.txt
+++ b/src/crypto/CMakeLists.txt
@@ -29,7 +29,7 @@
 set(crypto_sources
   aesb.c
   blake256.c
-  chacha8.c
+  chacha.c
   crypto-ops-data.c
   crypto-ops.c
   crypto.cpp
@@ -51,7 +51,7 @@ set(crypto_headers)
 
 set(crypto_private_headers
   blake256.h
-  chacha8.h
+  chacha.h
   crypto-ops.h
   crypto.h
   generic-ops.h
diff --git a/src/crypto/chacha8.c b/src/crypto/chacha.c
index df135af59..f573083be 100644
--- a/src/crypto/chacha8.c
+++ b/src/crypto/chacha.c
@@ -8,7 +8,7 @@ Public domain.
 #include <stdio.h>
 #include <sys/param.h>
 
-#include "chacha8.h"
+#include "chacha.h"
 #include "common/int-util.h"
 #include "warnings.h"
 
@@ -40,7 +40,7 @@ static const char sigma[] = "expand 32-byte k";
 
 DISABLE_GCC_AND_CLANG_WARNING(strict-aliasing)
 
-void chacha8(const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher) {
+static void chacha(unsigned rounds, const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher) {
   uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
   uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
   char* ctarget = 0;
@@ -89,7 +89,7 @@ void chacha8(const void* data, size_t length, const uint8_t* key, const uint8_t*
     x13 = j13;
     x14 = j14;
     x15 = j15;
-    for (i = 8;i > 0;i -= 2) {
+    for (i = rounds;i > 0;i -= 2) {
       QUARTERROUND( x0, x4, x8,x12)
       QUARTERROUND( x1, x5, x9,x13)
       QUARTERROUND( x2, x6,x10,x14)
@@ -168,3 +168,13 @@ void chacha8(const void* data, size_t length, const uint8_t* key, const uint8_t*
     data = (uint8_t*)data + 64;
   }
 }
+
+void chacha8(const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher)
+{
+  chacha(8, data, length, key, iv, cipher);
+}
+
+void chacha20(const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher)
+{
+  chacha(20, data, length, key, iv, cipher);
+}
diff --git a/src/crypto/chacha8.h b/src/crypto/chacha.h
index 80557e9f5..a9665030d 100644
--- a/src/crypto/chacha8.h
+++ b/src/crypto/chacha.h
@@ -33,53 +33,51 @@
 #include <stdint.h>
 #include <stddef.h>
 
-#define CHACHA8_KEY_SIZE 32
-#define CHACHA8_IV_SIZE 8
+#define CHACHA_KEY_SIZE 32
+#define CHACHA_IV_SIZE 8
 
 #if defined(__cplusplus)
 #include <memory.h>
 
+#include "common/memwipe.h"
 #include "hash.h"
 
 namespace crypto {
   extern "C" {
 #endif
     void chacha8(const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher);
+    void chacha20(const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher);
 #if defined(__cplusplus)
   }
 
-#pragma pack(push, 1)
-  struct chacha8_key {
-    uint8_t data[CHACHA8_KEY_SIZE];
-
-    ~chacha8_key()
-    {
-      memset(data, 0, sizeof(data));
-    }
-  };
+  using chacha_key = tools::scrubbed_arr<uint8_t, CHACHA_KEY_SIZE>;
 
-  // MS VC 2012 doesn't interpret `class chacha8_iv` as POD in spite of [9.0.10], so it is a struct
-  struct chacha8_iv {
-    uint8_t data[CHACHA8_IV_SIZE];
+#pragma pack(push, 1)
+  // MS VC 2012 doesn't interpret `class chacha_iv` as POD in spite of [9.0.10], so it is a struct
+  struct chacha_iv {
+    uint8_t data[CHACHA_IV_SIZE];
   };
 #pragma pack(pop)
 
-  static_assert(sizeof(chacha8_key) == CHACHA8_KEY_SIZE && sizeof(chacha8_iv) == CHACHA8_IV_SIZE, "Invalid structure size");
+  static_assert(sizeof(chacha_key) == CHACHA_KEY_SIZE && sizeof(chacha_iv) == CHACHA_IV_SIZE, "Invalid structure size");
+
+  inline void chacha8(const void* data, std::size_t length, const chacha_key& key, const chacha_iv& iv, char* cipher) {
+    chacha8(data, length, key.data(), reinterpret_cast<const uint8_t*>(&iv), cipher);
+  }
 
-  inline void chacha8(const void* data, std::size_t length, const chacha8_key& key, const chacha8_iv& iv, char* cipher) {
-    chacha8(data, length, reinterpret_cast<const uint8_t*>(&key), reinterpret_cast<const uint8_t*>(&iv), cipher);
+  inline void chacha20(const void* data, std::size_t length, const chacha_key& key, const chacha_iv& iv, char* cipher) {
+    chacha20(data, length, key.data(), reinterpret_cast<const uint8_t*>(&iv), cipher);
   }
 
-  inline void generate_chacha8_key(const void *data, size_t size, chacha8_key& key) {
-    static_assert(sizeof(chacha8_key) <= sizeof(hash), "Size of hash must be at least that of chacha8_key");
-    char pwd_hash[HASH_SIZE];
-    crypto::cn_slow_hash(data, size, pwd_hash);
-    memcpy(&key, pwd_hash, sizeof(key));
-    memset(pwd_hash, 0, sizeof(pwd_hash));
+  inline void generate_chacha_key(const void *data, size_t size, chacha_key& key) {
+    static_assert(sizeof(chacha_key) <= sizeof(hash), "Size of hash must be at least that of chacha_key");
+    tools::scrubbed_arr<char, HASH_SIZE> pwd_hash;
+    crypto::cn_slow_hash(data, size, pwd_hash.data());
+    memcpy(&key, pwd_hash.data(), sizeof(key));
   }
 
-  inline void generate_chacha8_key(std::string password, chacha8_key& key) {
-    return generate_chacha8_key(password.data(), password.size(), key);
+  inline void generate_chacha_key(std::string password, chacha_key& key) {
+    return generate_chacha_key(password.data(), password.size(), key);
   }
 }
 
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index abdea0165..0ce5e6d7a 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -36,9 +36,12 @@
 #include <boost/thread/lock_guard.hpp>
 #include <boost/utility/value_init.hpp>
 #include <boost/optional.hpp>
+#include <type_traits>
 #include <vector>
 
 #include "common/pod-class.h"
+#include "common/util.h"
+#include "common/memwipe.h"
 #include "generic-ops.h"
 #include "hex.h"
 #include "span.h"
@@ -65,9 +68,7 @@ namespace crypto {
     friend class crypto_ops;
   };
 
-  POD_CLASS secret_key: ec_scalar {
-    friend class crypto_ops;
-  };
+  using secret_key = tools::scrubbed<ec_scalar>;
 
   POD_CLASS public_keyV {
     std::vector<public_key> keys;