diff options
author | Jakob Unterwurzacher | 2018-02-18 11:33:47 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2018-02-18 11:39:10 +0100 |
commit | 18f6c6106c66ba1fe6e7b48aaa5dd444ba0f9b09 (patch) | |
tree | 98d0fd648fee94bd6b4852144250f1a53e247da3 /internal/cryptocore | |
parent | 719693ec5dd1153318606f151915231d71ddfe0b (diff) |
main: try to wipe cryptocore's secret keys on unmount
Raise the bar for recovering keys from memory.
https://github.com/rfjakob/gocryptfs/issues/211
Diffstat (limited to 'internal/cryptocore')
-rw-r--r-- | internal/cryptocore/cryptocore.go | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index 9e25bfa..a355342 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -8,11 +8,13 @@ import ( "crypto/sha512" "fmt" "log" + "runtime" "github.com/rfjakob/eme" "github.com/rfjakob/gocryptfs/internal/siv_aead" "github.com/rfjakob/gocryptfs/internal/stupidgcm" + "github.com/rfjakob/gocryptfs/internal/tlog" ) // AEADTypeEnum indicates the type of AEAD backend in use. @@ -129,3 +131,25 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec IVLen: IVLen, } } + +// Wipe tries to wipe secret keys from memory by overwriting them with zeros +// and/or setting references to nil. +// +// This is not bulletproof due to possible GC copies, but +// still raises to bar for extracting the key. +func (c *CryptoCore) Wipe() { + if c.AEADBackend == BackendOpenSSL { + tlog.Debug.Print("CryptoCore.Wipe: Wiping stupidgcm key") + // We don't use "x, ok :=" because we *want* to crash loudly if the + // type assertion fails (it should never fail). + sgcm := c.AEADCipher.(*stupidgcm.StupidGCM) + sgcm.Wipe() + } else { + tlog.Debug.Print("CryptoCore.Wipe: niling stdlib refs") + } + // We have no access to the keys (or key-equivalents) stored inside the + // Go stdlib. Best we can is to nil the references and force a GC. + c.AEADCipher = nil + c.EMECipher = nil + runtime.GC() +} |