main: move getMasterKey into initFuseFrontend

This is where the results are used, so call it there. This simplifies doMount a bit because we can get rid of the block protecting masterkey.
author: Jakob Unterwurzacher 2018-04-01 15:47:35 +0200
committer: Jakob Unterwurzacher 2018-04-01 15:47:35 +0200
commit: 93849e28d8c40c567763c34a56c337aa321ef178 (patch)
tree: 330ce35ecc823892c87dd07fc32328e3b097c534 /mount.go
parent: a4f3a7dca2edd54ccc7941c73a33ba0ca0d34fdb (diff)
1 files changed, 39 insertions, 34 deletions
diff --git a/mount.go b/mount.go
index c21fa01..4bac80e 100644
--- a/mount.go
+++ b/mount.go
@@ -92,26 +92,15 @@ func doMount(args *argContainer) {
 			}
 		}()
 	}
-	var confFile *configfile.ConfFile
-	var srv *fuse.Server
-	{
-		var masterkey []byte
-		// Get master key (may prompt for the password)
-		masterkey, confFile = getMasterKey(args)
-		// We cannot use JSON for pretty-printing as the fields are unexported
-		tlog.Debug.Printf("cli args: %#v", args)
-		// Initialize FUSE server
-		var wipeKeys func()
-		srv, wipeKeys = initFuseFrontend(masterkey, args, confFile)
-		// Try to wipe secrect keys from memory after unmount
-		defer wipeKeys()
-		// fusefrontend / fusefrontend_reverse have initialized their crypto,
-		// we can purge the master key from memory.
-		for i := range masterkey {
-			masterkey[i] = 0
-		}
-		// masterkey runs out of scope here
-	}
+	// We cannot use JSON for pretty-printing as the fields are unexported
+	tlog.Debug.Printf("cli args: %#v", args)
+	// Initialize gocryptfs
+	fs, wipeKeys := initFuseFrontend(args)
+	// Initialize go-fuse FUSE server
+	srv := initGoFuse(fs, args)
+	// Try to wipe secrect keys from memory after unmount
+	defer wipeKeys()
+
 	tlog.Info.Println(tlog.ColorGreen + "Filesystem mounted and ready." + tlog.ColorReset)
 	// We have been forked into the background, as evidenced by the set
 	// "notifypid".
@@ -181,7 +170,9 @@ type ctlsockFs interface {
 
 // initFuseFrontend - initialize gocryptfs/fusefrontend
 // Calls os.Exit on errors
-func initFuseFrontend(masterkey []byte, args *argContainer, confFile *configfile.ConfFile) (srv *fuse.Server, wipeKeys func()) {
+func initFuseFrontend(args *argContainer) (pfs pathfs.FileSystem, wipeKeys func()) {
+	// Get master key (may prompt for the password) and read config file
+	masterkey, confFile := getMasterKey(args)
 	// Reconciliate CLI and config file arguments into a fusefrontend.Args struct
 	// that is passed to the filesystem implementation
 	cryptoBackend := cryptocore.BackendGoGCM
@@ -226,18 +217,17 @@ func initFuseFrontend(masterkey []byte, args *argContainer, confFile *configfile
 	}
 	jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t")
 	tlog.Debug.Printf("frontendArgs: %s", string(jsonBytes))
-	// pathFsOpts are passed into go-fuse/pathfs
-	pathFsOpts := &pathfs.PathNodeFsOptions{ClientInodes: true}
-	if args.sharedstorage {
-		// shared storage mode disables hard link tracking as the backing inode
-		// numbers may change behind our back:
-		// https://github.com/rfjakob/gocryptfs/issues/156
-		pathFsOpts.ClientInodes = false
-	}
+
 	// Init crypto backend
 	cCore := cryptocore.New(masterkey, cryptoBackend, contentenc.DefaultIVBits, args.hkdf, args.forcedecode)
 	cEnc := contentenc.New(cCore, contentenc.DefaultBS, args.forcedecode)
 	nameTransform := nametransform.New(cCore.EMECipher, frontendArgs.LongNames, args.raw64)
+	// After the crypto backend is initialized,
+	// we can purge the master key from memory.
+	for i := range masterkey {
+		masterkey[i] = 0
+	}
+	masterkey = nil
 	// Spawn fusefrontend
 	var fs ctlsockFs
 	if args.reverse {
@@ -245,10 +235,7 @@ func initFuseFrontend(masterkey []byte, args *argContainer, confFile *configfile
 			log.Panic("reverse mode must use AES-SIV, everything else is insecure")
 		}
 		fs = fusefrontend_reverse.NewFS(frontendArgs, cEnc, nameTransform)
-		// Reverse mode is read-only, so we don't need a working link().
-		// Disable hard link tracking to avoid strange breakage on duplicate
-		// inode numbers ( https://github.com/rfjakob/gocryptfs/issues/149 ).
-		pathFsOpts.ClientInodes = false
+
 	} else {
 		fs = fusefrontend.NewFS(frontendArgs, cEnc, nameTransform)
 	}
@@ -257,6 +244,24 @@ func initFuseFrontend(masterkey []byte, args *argContainer, confFile *configfile
 	if args._ctlsockFd != nil {
 		go ctlsock.Serve(args._ctlsockFd, fs)
 	}
+	return fs, func() { cCore.Wipe() }
+}
+
+func initGoFuse(fs pathfs.FileSystem, args *argContainer) *fuse.Server {
+	// pathFsOpts are passed into go-fuse/pathfs
+	pathFsOpts := &pathfs.PathNodeFsOptions{ClientInodes: true}
+	if args.sharedstorage {
+		// shared storage mode disables hard link tracking as the backing inode
+		// numbers may change behind our back:
+		// https://github.com/rfjakob/gocryptfs/issues/156
+		pathFsOpts.ClientInodes = false
+	}
+	if args.reverse {
+		// Reverse mode is read-only, so we don't need a working link().
+		// Disable hard link tracking to avoid strange breakage on duplicate
+		// inode numbers ( https://github.com/rfjakob/gocryptfs/issues/149 ).
+		pathFsOpts.ClientInodes = false
+	}
 	pathFs := pathfs.NewPathNodeFs(fs, pathFsOpts)
 	var fuseOpts *nodefs.Options
 	if args.sharedstorage {
@@ -343,7 +348,7 @@ func initFuseFrontend(masterkey []byte, args *argContainer, confFile *configfile
 	// directories with the requested permissions.
 	syscall.Umask(0000)
 
-	return srv, func() { cCore.Wipe() }
+	return srv
 }
 
 func handleSigint(srv *fuse.Server, mountpoint string) {
author	Jakob Unterwurzacher	2018-04-01 15:47:35 +0200
committer	Jakob Unterwurzacher	2018-04-01 15:47:35 +0200
commit	93849e28d8c40c567763c34a56c337aa321ef178 (patch)
tree	330ce35ecc823892c87dd07fc32328e3b097c534 /mount.go
parent	a4f3a7dca2edd54ccc7941c73a33ba0ca0d34fdb (diff)