diff options
author | Jakob Unterwurzacher | 2018-02-17 15:12:45 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2018-02-17 15:14:55 +0100 |
commit | eeed4b4bef64059e5a52f4ceaa0d3a52b197349a (patch) | |
tree | efd408399b490352fc2704b5ff26fc612d525d29 /internal/stupidgcm | |
parent | 7e0fefe970b98be7e455f671dbd0e994abd52110 (diff) |
stupidgcm: implement key wipe
Not bulletproof due to possible GC copies, but
still raises to bar for extracting the key.
https://github.com/rfjakob/gocryptfs/issues/211
Diffstat (limited to 'internal/stupidgcm')
-rw-r--r-- | internal/stupidgcm/stupidgcm.go | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go index 2660808..9fa730f 100644 --- a/internal/stupidgcm/stupidgcm.go +++ b/internal/stupidgcm/stupidgcm.go @@ -56,6 +56,9 @@ func (g *stupidGCM) Seal(dst, iv, in, authData []byte) []byte { if len(in) == 0 { log.Panic("Zero-length input data is not supported") } + if len(g.key) != keyLen { + log.Panicf("Wrong key length: %d. Key has been wiped?", len(g.key)) + } // If the "dst" slice is large enough we can use it as our output buffer outLen := len(in) + tagLen @@ -140,6 +143,9 @@ func (g *stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) { if len(in) <= tagLen { log.Panic("Input data too short") } + if len(g.key) != keyLen { + log.Panicf("Wrong key length: %d. Key has been wiped?", len(g.key)) + } // If the "dst" slice is large enough we can use it as our output buffer outLen := len(in) - tagLen @@ -224,3 +230,15 @@ func (g *stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) { } return append(dst, buf...), nil } + +// Wipe wipes the AES key from memory by overwriting it with zeros and +// setting the reference to nil. +// +// This is not bulletproof due to possible GC copies, but +// still raises to bar for extracting the key. +func (g *stupidGCM) Wipe() { + for i := range g.key { + g.key[i] = 0 + } + g.key = nil +} |