authorJakob Unterwurzacher2017-08-11 18:42:30 +0200
committerJakob Unterwurzacher2017-08-11 19:02:26 +0200
commit0c520845f3623eff28f0277a52e3ccffd928f5c2 (patch)
tree82a3e0f8c55ae980d29e33b230954638229089c9 /internal
parentf59479736bed49411bda3368f419d6605f1faa78 (diff)
main: purge masterkey from memory as soon as possible
Remove the "Masterkey" field from fusefrontend.Args because it should not be stored longer than necessary. Instead pass the masterkey as a separate argument to the filesystem initializers. Then overwrite it with zeros immediately so we don't have to wait for garbage collection. Note that the crypto implementation still stores at least a masterkey-derived value, so this change makes it harder, but not impossible, to extract the encryption keys from memory. Suggested at https://github.com/rfjakob/gocryptfs/issues/137
Diffstat (limited to 'internal')
-rw-r--r--internal/cryptocore/cryptocore.go10
-rw-r--r--internal/fusefrontend/args.go1
-rw-r--r--internal/fusefrontend/fs.go4
-rw-r--r--internal/fusefrontend_reverse/rfs.go4
4 files changed, 12 insertions, 7 deletions
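diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 1ad928d..aafe12b 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -72,7 +72,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
 emeCipher = eme.New(emeBlockCipher)
 }
- // Initilize an AEAD cipher for file content encryption.
+ // Initialize an AEAD cipher for file content encryption.
 var aeadCipher cipher.AEAD
 if aeadType == BackendOpenSSL || aeadType == BackendGoGCM {
 gcmKey := key
@@ -84,7 +84,13 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
 if IVLen != 16 {
 log.Panic("stupidgcm only supports 128-bit IVs")
 }
- aeadCipher = stupidgcm.New(gcmKey, forceDecode)
+ // stupidgcm does not create a private copy of the key, so things
+ // break when initFuseFrontend() overwrites it with zeros. Create
+ // a copy here. This is unneccessary when useHKDF == true, but
+ // does no harm.
+ var stupidgcmKey []byte
+ stupidgcmKey = append(stupidgcmKey, gcmKey...)
+ aeadCipher = stupidgcm.New(stupidgcmKey, forceDecode)
 case BackendGoGCM:
 goGcmBlockCipher, err := aes.NewCipher(gcmKey)
 if err != nil {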
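Review bot: The private copy `stupidgcmKey` handed to `stupidgcm.New` is itself never wiped, so once initFuseFrontend() zeros the caller's slice a usable GCM key (the raw masterkey when useHKDF is false, per `gcmKey := key` above) still lives in memory for the cipher's lifetime; the new comment should say so rather than leave the impression that the zeroing is complete. Suggest extending it with `// The copy lives as long as aeadCipher does and is not wiped here.` As a matter of style, the two-step `var stupidgcmKey []byte` / `append` can be a single line, `stupidgcmKey := append([]byte(nil), gcmKey...)`, and "unneccessary" in the comment is misspelled. The enclosing New() starts and ends outside the hunk, so whether the other backends copy the key before it is zeroed cannot be confirmed from here.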
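diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 37f4463..fc9de73 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -7,7 +7,6 @@ import (
 // Args is a container for arguments that are passed from main() to fusefrontend
 type Args struct {
- Masterkey []byte
 // Cipherdir is the backing storage directory (absolute path).
 // For reverse mode, Cipherdir actually contains *plaintext* files.
 Cipherdir string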
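diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 7a23710..3c442a5 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -42,8 +42,8 @@ type FS struct {
 var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented.
 // NewFS returns a new encrypted FUSE overlay filesystem.
-func NewFS(args Args) *FS {
- cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF, args.ForceDecode)
+func NewFS(masterkey []byte, args Args) *FS {
+ cryptoCore := cryptocore.New(masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF, args.ForceDecode)
 contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS, args.ForceDecode)
 nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)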
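Review bot: The new `masterkey` parameter carries an ownership contract that the NewFS doc comment does not state: per the commit description the caller zeros the slice right after the call, so NewFS and everything it passes the key to must not keep a reference to it. Suggest adding to the doc comment `// masterkey is only read during construction; the caller wipes it after NewFS returns.` The same applies to NewFS in internal/fusefrontend_reverse/rfs.go. Whether cryptocore.New retains the slice for every backend is not visible from this hunk; the stupidgcm copy added in cryptocore.go suggests it was checked per backend, but that is inferred. The body of NewFS continues past the hunk.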
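diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index 76b1361..53e6d22 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -40,12 +40,12 @@ var _ pathfs.FileSystem = &ReverseFS{}
 // NewFS returns an encrypted FUSE overlay filesystem.
 // In this case (reverse mode) the backing directory is plain-text and
 // ReverseFS provides an encrypted view.
-func NewFS(args fusefrontend.Args) *ReverseFS {
+func NewFS(masterkey []byte, args fusefrontend.Args) *ReverseFS {
 if args.CryptoBackend != cryptocore.BackendAESSIV {
 log.Panic("reverse mode must use AES-SIV, everything else is insecure")
 }
 initLongnameCache()
- cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF, false)
+ cryptoCore := cryptocore.New(masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF, false)
 contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS, false)
 nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)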