-rw-r--r--init_dir.go19
-rw-r--r--mount.go69
2 files changed, 49 insertions, 39 deletions
diff --git a/init_dir.go b/init_dir.go
index 791f7d1..b13f741 100644
--- a/init_dir.go
+++ b/init_dir.go
@@ -36,13 +36,18 @@ func initDir(args *argContainer) {
if args.extpass == "" {
tlog.Info.Printf("Choose a password for protecting your files.")
}
- password := readpassword.Twice(args.extpass)
- readpassword.CheckTrailingGarbage()
- creator := tlog.ProgramName + " " + GitVersion
- err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)
- if err != nil {
- tlog.Fatal.Println(err)
- os.Exit(exitcodes.WriteConf)
+ {
+ creator := tlog.ProgramName + " " + GitVersion
+ password := readpassword.Twice(args.extpass)
+ readpassword.CheckTrailingGarbage()
+ err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)
+ if err != nil {
+ tlog.Fatal.Println(err)
+ os.Exit(exitcodes.WriteConf)
+ }
+ // Note: cannot overwrite password because in Go, strings are
+ // read-only byte slices.
+ // password runs out of scope here
}
// Forward mode with filename encryption enabled needs a gocryptfs.diriv
// in the root dir
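Review bot: The closing comments of the added block overstate what scoping achieves: when `password` goes out of scope the string only becomes unreachable, and its bytes stay in process memory until the garbage collector reuses that memory. I would reword the last comment as `// password becomes unreachable here, but its bytes stay in memory until the GC reuses them`. An actual wipe would need `readpassword.Twice` and `configfile.CreateConfFile` to carry the password as a `[]byte` that can be zeroed after use (presumably both take or return a string today), which is outside this hunk. initDir starts and ends outside the hunk.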
diff --git a/mount.go b/mount.go
index 9b7410d..c19d684 100644
--- a/mount.go
+++ b/mount.go
@@ -93,37 +93,47 @@ func doMount(args *argContainer) int {
}
}()
}
- // Get master key (may prompt for the password)
- var masterkey []byte
var confFile *configfile.ConfFile
- if args.masterkey != "" {
- // "-masterkey"
- masterkey = parseMasterKey(args.masterkey)
- } else if args.zerokey {
- // "-zerokey"
- tlog.Info.Printf("Using all-zero dummy master key.")
- tlog.Info.Printf(tlog.ColorYellow +
- "ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
- tlog.ColorReset)
- masterkey = make([]byte, cryptocore.KeyLen)
- } else {
- // Load master key from config file
- // Prompts the user for the password
- masterkey, confFile, err = loadConfig(args)
- if err != nil {
- if args._ctlsockFd != nil {
- // Close the socket file (which also deletes it)
- args._ctlsockFd.Close()
+ var srv *fuse.Server
+ var wipeKeys func()
+ {
+ // Get master key (may prompt for the password)
+ var masterkey []byte
+ if args.masterkey != "" {
+ // "-masterkey"
+ masterkey = parseMasterKey(args.masterkey)
+ } else if args.zerokey {
+ // "-zerokey"
+ tlog.Info.Printf("Using all-zero dummy master key.")
+ tlog.Info.Printf(tlog.ColorYellow +
+ "ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
+ tlog.ColorReset)
+ masterkey = make([]byte, cryptocore.KeyLen)
+ } else {
+ // Load master key from config file
+ // Prompts the user for the password
+ masterkey, confFile, err = loadConfig(args)
+ if err != nil {
+ if args._ctlsockFd != nil {
+ // Close the socket file (which also deletes it)
+ args._ctlsockFd.Close()
+ }
+ exitcodes.Exit(err)
}
- exitcodes.Exit(err)
+ readpassword.CheckTrailingGarbage()
+ printMasterKey(masterkey)
+ }
+ // We cannot use JSON for pretty-printing as the fields are unexported
+ tlog.Debug.Printf("cli args: %#v", args)
+ // Initialize FUSE server
+ srv, wipeKeys = initFuseFrontend(masterkey, args, confFile)
+ // fusefrontend / fusefrontend_reverse have initialized their crypto,
+ // we can purge the master key from memory.
+ for i := range masterkey {
+ masterkey[i] = 0
}
- readpassword.CheckTrailingGarbage()
- printMasterKey(masterkey)
+ // masterkey runs out of scope here
}
- // We cannot use JSON for pretty-printing as the fields are unexported
- tlog.Debug.Printf("cli args: %#v", args)
- // Initialize FUSE server
- srv, wipeKeys := initFuseFrontend(masterkey, args, confFile)
tlog.Info.Println(tlog.ColorGreen + "Filesystem mounted and ready." + tlog.ColorReset)
// We have been forked into the background, as evidenced by the set
// "notifypid".
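Review bot: The `tlog.Debug.Printf("cli args: %#v", args)` call inside the new block dumps every field of `args`, and that includes the `args.masterkey` string when `-masterkey` is given. In that mode the key reaches wherever debug output is sent, and the zeroing loop over `masterkey` that follows cannot undo it; the `args.masterkey` string itself also stays in memory, for the same reason the init_dir.go comment gives for the password. I would log a copy with the field blanked, assuming argContainer is safe to copy shallowly: `dbg := *args; dbg.masterkey = ""; tlog.Debug.Printf("cli args: %#v", &dbg)`. A comment on the wipe loop such as `// wipes only this slice; args.masterkey (a string) cannot be cleared` would keep the limit visible. doMount starts and ends outside the hunk.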
@@ -267,11 +277,6 @@ func initFuseFrontend(masterkey []byte, args *argContainer, confFile *configfile
} else {
fs = fusefrontend.NewFS(frontendArgs, cEnc, nameTransform)
}
- // fusefrontend / fusefrontend_reverse have initialized their crypto with
- // derived keys (HKDF), we can purge the master key from memory.
- for i := range masterkey {
- masterkey[i] = 0
- }
// We have opened the socket early so that we cannot fail here after
// asking the user for the password
if args._ctlsockFd != nil {