summaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
authorJakob Unterwurzacher2018-02-17 15:12:45 +0100
committerJakob Unterwurzacher2018-02-17 15:14:55 +0100
commiteeed4b4bef64059e5a52f4ceaa0d3a52b197349a (patch)
treeefd408399b490352fc2704b5ff26fc612d525d29 /internal
parent7e0fefe970b98be7e455f671dbd0e994abd52110 (diff)
stupidgcm: implement key wipe
Not bulletproof due to possible GC copies, but still raises to bar for extracting the key. https://github.com/rfjakob/gocryptfs/issues/211
Diffstat (limited to 'internal')
-rw-r--r--internal/stupidgcm/stupidgcm.go18
1 files changed, 18 insertions, 0 deletions
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go
index 2660808..9fa730f 100644
--- a/internal/stupidgcm/stupidgcm.go
+++ b/internal/stupidgcm/stupidgcm.go
@@ -56,6 +56,9 @@ func (g *stupidGCM) Seal(dst, iv, in, authData []byte) []byte {
if len(in) == 0 {
log.Panic("Zero-length input data is not supported")
}
+ if len(g.key) != keyLen {
+ log.Panicf("Wrong key length: %d. Key has been wiped?", len(g.key))
+ }
// If the "dst" slice is large enough we can use it as our output buffer
outLen := len(in) + tagLen
@@ -140,6 +143,9 @@ func (g *stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
if len(in) <= tagLen {
log.Panic("Input data too short")
}
+ if len(g.key) != keyLen {
+ log.Panicf("Wrong key length: %d. Key has been wiped?", len(g.key))
+ }
// If the "dst" slice is large enough we can use it as our output buffer
outLen := len(in) - tagLen
@@ -224,3 +230,15 @@ func (g *stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
}
return append(dst, buf...), nil
}
+
+// Wipe wipes the AES key from memory by overwriting it with zeros and
+// setting the reference to nil.
+//
+// This is not bulletproof due to possible GC copies, but
+// still raises to bar for extracting the key.
+func (g *stupidGCM) Wipe() {
+ for i := range g.key {
+ g.key[i] = 0
+ }
+ g.key = nil
+}