crypto: make ChaCha20::SetKey wipe buffer

sipa · sipa · commit 57cc136282c3 · 2023-08-17T15:37:41.000-04:00
diff --git a/src/crypto/chacha20.cpp b/src/crypto/chacha20.cpp
@@ -335,6 +335,13 @@ ChaCha20::~ChaCha20()
     memory_cleanse(m_buffer.data(), m_buffer.size());
 }
 
+void ChaCha20::SetKey(Span<const std::byte> key) noexcept
+{
+    m_aligned.SetKey(key);
+    m_bufleft = 0;
+    memory_cleanse(m_buffer.data(), m_buffer.size());
+}
+
 FSChaCha20::FSChaCha20(Span<const std::byte> key, uint32_t rekey_interval) noexcept :
     m_chacha20(key), m_rekey_interval(rekey_interval)
 {
diff --git a/src/crypto/chacha20.h b/src/crypto/chacha20.h
@@ -95,11 +95,7 @@ class ChaCha20
     ~ChaCha20();
 
     /** Set 32-byte key, and seek to nonce 0 and block position 0. */
-    void SetKey(Span<const std::byte> key) noexcept
-    {
-        m_aligned.SetKey(key);
-        m_bufleft = 0;
-    }
+    void SetKey(Span<const std::byte> key) noexcept;
 
     /** 96-bit nonce type. */
     using Nonce96 = ChaCha20Aligned::Nonce96;

Original file line number	Diff line number	Diff line change
`@@ -335,6 +335,13 @@ ChaCha20::~ChaCha20()`
`335`	`335`	`memory_cleanse(m_buffer.data(), m_buffer.size());`
`336`	`336`	`}`
`337`	`337`
	`338`	`+void ChaCha20::SetKey(Span<const std::byte> key) noexcept`
	`339`	`+{`
	`340`	`+ m_aligned.SetKey(key);`
	`341`	`+ m_bufleft = 0;`
	`342`	`+ memory_cleanse(m_buffer.data(), m_buffer.size());`
	`343`	`+}`
	`344`	`+`
`338`	`345`	`FSChaCha20::FSChaCha20(Span<const std::byte> key, uint32_t rekey_interval) noexcept :`
`339`	`346`	`m_chacha20(key), m_rekey_interval(rekey_interval)`
`340`	`347`	`{`