summaryrefslogtreecommitdiff
path: root/mount.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2018-02-18 12:42:22 +0100
committerJakob Unterwurzacher2018-02-18 12:42:22 +0100
commit5b5c7a0a5d73859f74d2151061593ba2f9f9cac7 (patch)
treeaaf168d4e7e26c26fc30f8484f0286f11114b83e /mount.go
parentbd78b44389189a57816f9d5be3e4c5fb3c73700f (diff)
main: overwrite keys and let them run out of scope
As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211
Diffstat (limited to 'mount.go')
-rw-r--r--mount.go69
1 files changed, 37 insertions, 32 deletions
diff --git a/mount.go b/mount.go
index 9b7410d..c19d684 100644
--- a/mount.go
+++ b/mount.go
@@ -93,37 +93,47 @@ func doMount(args *argContainer) int {
}
}()
}
- // Get master key (may prompt for the password)
- var masterkey []byte
var confFile *configfile.ConfFile
- if args.masterkey != "" {
- // "-masterkey"
- masterkey = parseMasterKey(args.masterkey)
- } else if args.zerokey {
- // "-zerokey"
- tlog.Info.Printf("Using all-zero dummy master key.")
- tlog.Info.Printf(tlog.ColorYellow +
- "ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
- tlog.ColorReset)
- masterkey = make([]byte, cryptocore.KeyLen)
- } else {
- // Load master key from config file
- // Prompts the user for the password
- masterkey, confFile, err = loadConfig(args)
- if err != nil {
- if args._ctlsockFd != nil {
- // Close the socket file (which also deletes it)
- args._ctlsockFd.Close()
+ var srv *fuse.Server
+ var wipeKeys func()
+ {
+ // Get master key (may prompt for the password)
+ var masterkey []byte
+ if args.masterkey != "" {
+ // "-masterkey"
+ masterkey = parseMasterKey(args.masterkey)
+ } else if args.zerokey {
+ // "-zerokey"
+ tlog.Info.Printf("Using all-zero dummy master key.")
+ tlog.Info.Printf(tlog.ColorYellow +
+ "ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
+ tlog.ColorReset)
+ masterkey = make([]byte, cryptocore.KeyLen)
+ } else {
+ // Load master key from config file
+ // Prompts the user for the password
+ masterkey, confFile, err = loadConfig(args)
+ if err != nil {
+ if args._ctlsockFd != nil {
+ // Close the socket file (which also deletes it)
+ args._ctlsockFd.Close()
+ }
+ exitcodes.Exit(err)
}
- exitcodes.Exit(err)
+ readpassword.CheckTrailingGarbage()
+ printMasterKey(masterkey)
+ }
+ // We cannot use JSON for pretty-printing as the fields are unexported
+ tlog.Debug.Printf("cli args: %#v", args)
+ // Initialize FUSE server
+ srv, wipeKeys = initFuseFrontend(masterkey, args, confFile)
+ // fusefrontend / fusefrontend_reverse have initialized their crypto,
+ // we can purge the master key from memory.
+ for i := range masterkey {
+ masterkey[i] = 0
}
- readpassword.CheckTrailingGarbage()
- printMasterKey(masterkey)
+ // masterkey runs out of scope here
}
- // We cannot use JSON for pretty-printing as the fields are unexported
- tlog.Debug.Printf("cli args: %#v", args)
- // Initialize FUSE server
- srv, wipeKeys := initFuseFrontend(masterkey, args, confFile)
tlog.Info.Println(tlog.ColorGreen + "Filesystem mounted and ready." + tlog.ColorReset)
// We have been forked into the background, as evidenced by the set
// "notifypid".
@@ -267,11 +277,6 @@ func initFuseFrontend(masterkey []byte, args *argContainer, confFile *configfile
} else {
fs = fusefrontend.NewFS(frontendArgs, cEnc, nameTransform)
}
- // fusefrontend / fusefrontend_reverse have initialized their crypto with
- // derived keys (HKDF), we can purge the master key from memory.
- for i := range masterkey {
- masterkey[i] = 0
- }
// We have opened the socket early so that we cannot fail here after
// asking the user for the password
if args._ctlsockFd != nil {